Microsoft: Lazarus hackers are weaponizing open-source software


Apr 24, 2016
Microsoft says the North Korean-sponsored Lazarus threat group is trojanizing legitimate open-source software and using it to backdoor organizations in many industry sectors, such as technology, defense, and media entertainment.

The list of open-source software weaponized by Lazarus state hackers to deploy the BLINDINGCAN (aka ZetaNile) backdoor includes PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and the muPDF/Subliminal Recording software installer.

The PuTTY and KiTTY SSH clients were also used to backdoor targets' devices in fake job skills assessments, as reported by Mandiant this month.

This trojanized software was used in social engineering attacks from late April to mid-September 2022 and primarily focused on engineers and technical support professionals working at IT and media organizations in the UK, India, and the U.S.

The attackers created "fake profiles claiming to be recruiters working at technology, defense, and media entertainment companies, with the goal of moving targets away from LinkedIn and to the encrypted messaging app WhatsApp for the delivery of malware," Microsoft said.

"Targets received outreach tailored to their profession or background and were encouraged to apply for an open position at one of several legitimate companies."

After the targets were tricked into downloading the weaponized software to deploy the malware on their systems, the Lazarus operators used the backdoor for lateral movement and network discovery, with the end goal of stealing sensitive info.

ForgottenSeer 95367

"trojanizing legitimate open-source software and using it to backdoor organizations"

This is nothing new.
Open source is rarely maintained and curated to ensure it is safe.
