Malware authors are attempting to hide behind Russia's reputation as a digital crime centre to throw investigators off their scent, a security firm has found.
However, BAE Systems threat research analysts Sergei Shevchenko and Adrian Nish believe the Russian language used in the malware is "most likely the result of an online translation" and not the work of a native speaker.
The analysts found multiple examples of inconsistencies and basic errors in the Russian terms used in the malware, and believe the terms were used to spoof the malware's country of origin.
The security vendor's analysis hinted that the malware could be deployed by the Lazarus group, which has been active for the past seven to eight years, rather than by Russian cyber criminals.
More recently, security vendor Symantec linked the Lazarus group to the US$81 million (A$105.5 million) heist on the Bangladesh Central Bank in 2016, in which malware was deployed to take over computers that transferred money over the global SWIFT payments network.
The identities of those in the Lazarus group are unknown.