Malware authors camouflage code with Russian terms


Lazarus group thought to be behind attack code.

Malware authors are attempting to hide behind Russia's reputation as a digital crime centre to throw investigators off their scent, a security firm has found.

Low-level analysis of the malware used by the Lazarus group to attack Polish financial institutions has unearthed several Russian words in the application's components. 

However, BAE Systems threat research analysts Sergei Shevchenko and Adrian Nish believe the Russian language used in the malware is "most likely the result of an online translation" and not the work of a native speaker.

The analysts found multiple examples of inconsistencies and basic errors in the Russian terms used in the malware, and believe it was used to spoof the malware's country of origin.

Malware schematic. Source: BAE Systems

Rather than Russian cyber criminals, the security vendor's analysis hinted the malware could be deployed by the Lazarus group, which has been active for the past seven to eight years.

The Lazarus group is suspected of being behind several destructive attacks against high-profile targets such as Sony Pictures Entertainment in 2014 and companies in the United States and South Korea.

More recently, security vendor Symantec linked the Lazarus group to the US$81 million (A$105.5 million) heist on the Bangladesh Central Bank in 2016, in which malware was deployed to take over computers that transferred money over the global SWIFT payments network.

The identities of those in the Lazarus group are unknown.
