North Korean Hackers Use Telegram to Steal Cryptocurrencies

3 min reading

As the latest research shows, North Korean hackers have developed a clever way of stealing BTC and other cryptocurrencies through a popular messaging application, Telegram.

A new form of attack

Cybercrime specialists from Kaspersky Labs found out that a famous group of hackers, commonly known as Lazarus, had developed improved, perfidious methods of attacking individuals and companies from around the world. The operation was called AppleJeus. Malware runs in memory, not on hard drives, and because of that it is difficult to be detected. People from Great Britain, China, Russia and Poland are among its victims. The scale of frauds and the amount of the stolen funds were not given, however.

Cybercriminals lure their victims in a rather nondeceptive way as they create fake websites dedicated to cryptocurrencies, as well as channels on Telegram. Malicious links posted on websites and on groups infect the target device, providing attackers with access to all user data. As a result of this they are able to, for example, steal their private keys.


It is worth adding that the United Nations reported lst year that Korean hackers had stolen about $2 billion from financial institutions and cryptocurrency exchanges. The most famous intrusions include those on Bithumb, Youbit and Nicehash.

The Telegram is not responsible!

The Telegram's spokesman urged users not to panic because Malware does not reflect the breaches of security of this application. What is more, there is no difference between this particular malware and those that may be found on websites or thos that may be infecting through emails.

Moreover, users can evade these unpleasant consequences by acting approprietly online. That is: downloading files from trusted sources only and using renown anti-virus programs.

In one of the cases presented by Kaspersky Lab, the user downloaded the malware through Telegram, but the application itself was not affected. After being infected, the attackers gained access to the victim's device. The cybercriminals company has found a great number of fake cryptocurrency websites. It turns out that most of them were created using free templates.

Waluta Kurs Dokonaj zakupu

Dear customer,

We use cookies to provide our services correctly and safely. Cookies are small text-based data sets that shall be saved on the device you are using in connection with the use of this instnat website. Cookies are created in order to ensure proper functioning of thes instant website. By clicking the button "I accept and go to the website", you implicitly agree to creation of the cookies on your computer and to deploy automatic tracking and data collection and processing on behalf of the Tokeneo TEO OU. Click the above-captioned button is also tantamount to accepting website's privacy policy. Closing the notification by means of "X" is unequivocally connected with your consent. If you do not agree to any of the above, please discontinue using our Website.

“Cookies” shall make an identification of the software used by you and to customization of this instant website to your needs. Cookies contain the name of the domain from which they origin, duration of period of their storage on your computer and an assigned value.

Third party cookies:
We also use third-party cookies for the following purposes:

  • creating statistics - helping to understand the way Users use the Website, which allows to improve its structure and content with use of the analytical tools
  • defining a user profile - in order to display custom-tailored content in advertising networks.

External entities that might be source of any third-party cookies on this instant Website are as follows:

Using a settings of your web browser or by using pre-set configuration tools available in our service you can independently and at any time change the settings concerning your use of the “cookies”, specifying the conditionsof their storage and how your device is creating and downloading them. These settings can be changed to block the automatic handling of cookies in the settings of your web browser or inform about their placement on your device each time.

Detailed information about the options related to use of “cookies” is available in the settings of your software (web browser).

Service privacy policy

This instant document lays out the principles of the Privacy Policy on the tokeneo.com/news/pl website (hereinafter referred to as the "Website" or "Service"). The administrator of the Website is TOKENEO TEO OÜ (an Estonian law limited liability company) with its registered offices in Tallinn (in the province of Harju Maakond), at 19-7K Maakri Street (in the district of Kesklinna Iinnaosa), 10-145 Tallinn, Estonia, registered on 21.12.2018 in the Estonian Business Register under number 14630242, using the EU VAT number: EE102149487.

The full document to read the Tokeneo privacy policy is available in this document.

Advanced settings can be changed in your browser.