Stealthy Threat Emerges: Lazarus Group Unleashes LightlessCan Malware in Fake Job Scams

In a concerning development, cybersecurity researchers at ESET have uncovered a new and sophisticated malware variant, named “LightlessCan,” deployed by the notorious North Korean hacking collective, Lazarus Group. This malware, utilized in fake job scams, presents a significant challenge for detection compared to its predecessor, BlindingCan.

The Evolution of Deception

Leveraging a recent fake job attack against a Spain-based aerospace firm, ESET’s senior malware researcher, Peter Kálnai, detailed the discovery of LightlessCan in a post on September 29. The Lazarus Group, known for its elaborate fake employment scams, entices victims with promises of potential job opportunities at reputable organizations. Once hooked, victims unwittingly download a malicious payload disguised as seemingly innocuous documents, leading to various forms of cyber damage.

Kálnai emphasizes that LightlessCan marks a “significant advancement” over BlindingCan due to its ability to mimic native Windows commands. This capability allows discreet execution within the Remote Access Trojan (RAT) itself, avoiding the noisy console executions that were more characteristic of its predecessor.

Stealth in Action

“This approach offers a significant advantage in terms of stealthiness,” Kálnai notes, “both in evading real-time monitoring solutions like EDRs (Endpoint Detection and Response), and postmortem digital forensic tools.”

Additionally, LightlessCan introduces what Kálnai terms “execution guardrails,” a security measure ensuring that the payload can only be decrypted on the intended victim’s machine. This strategic move prevents unintended decryption by security researchers, adding another layer of complexity to the already elusive malware.

A Real-World Example

One specific case involving LightlessCan was an attack on a Spanish aerospace firm. In this instance, an employee received a message from a fake Meta recruiter named Steve Dawson in 2022. The attackers, posing as potential employers, sent over two seemingly innocent coding challenges embedded with the LightlessCan malware. Kálnai notes that cyberespionage was the primary motivation behind Lazarus Group’s attack on the aerospace firm.

Implications for Crypto Firms

Crypto firms are now placed on high alert as Lazarus Group’s use of LightlessCan raises the stakes in the ongoing cat-and-mouse game between hackers and cybersecurity experts. The malware’s enhanced stealth features and encryption safeguards pose a serious threat to detection mechanisms, emphasizing the need for heightened vigilance and updated cybersecurity measures within the crypto industry.

As the landscape of cyber threats continues to evolve, the ability to adapt and fortify defenses against such advanced malware becomes paramount for organizations in the crypto space. The Lazarus Group’s latest move serves as a stark reminder that innovation in cybersecurity is essential to stay one step ahead of relentless adversaries.


Related articles

Argentina’s Crypto Community Divided Over New Regulations

Argentina's cryptocurrency landscape has been under scrutiny since the...

Partnership Aims to Accelerate Web3 Adoption in Saudi Arabia

Droppgroup, a leading Web3 development firm, and Superteam, a...

Aerodrome Finance Hits $1.66B Volume Milestone, Rewards Community Engagement

Aerodrome Finance, a prominent automated market maker (AMM) and...

Web3 Solutions Transform Water Access in Rural India

The Crypto Council for Innovation revealed striking improvements in...
Maria Irene
Maria Irene
Maria Irene is a multi-faceted journalist with a focus on various domains including Cryptocurrency, NFTs, Real Estate, Energy, and Macroeconomics. With over a year of experience, she has produced an array of video content, news stories, and in-depth analyses. Her journalistic endeavours also involve a detailed exploration of the Australia-India partnership, pinpointing avenues for mutual collaboration. In addition to her work in journalism, Maria crafts easily digestible financial content for a specialised platform, demystifying complex economic theories for the layperson. She holds a strong belief that journalism should go beyond mere reporting; it should instigate meaningful discussions and effect change by spotlighting vital global issues. Committed to enriching public discourse, Maria aims to keep her audience not just well-informed, but also actively engaged across various platforms, encouraging them to partake in crucial global conversations.


Please enter your comment!
Please enter your name here