Lazarus Deploys New Fileless Malware

The Lazarus Group is targeting financial firms with a new, sophisticated malware that operates without leaving files on disk.

Security researchers have identified a new, sophisticated malware named RemotePE being used by the North Korea-linked Lazarus Group. This cross-platform Remote Access Trojan (RAT) is specifically designed to operate entirely within a system's memory, a technique known as a "fileless" attack. The malware is delivered through a multi-stage process that begins with a loader called DPAPILoader, which in turn deploys a second loader, RemotePELoader. This complex chain of execution allows the final payload to be loaded directly into memory without ever being written to the hard disk, making it exceptionally difficult for conventional, file-based security tools to detect.

The deployment of RemotePE marks a significant advancement in the Lazarus Group's capabilities, posing a direct and elevated threat to financial and cryptocurrency organizations. Fileless malware is inherently stealthy, as it bypasses security solutions that rely on scanning files for malicious signatures. By residing only in RAM, the malware can evade detection while performing malicious activities like data exfiltration, executing commands, and maintaining persistence. This technique increases the likelihood of a successful breach, putting sensitive financial data and digital assets at high risk. Security teams in the targeted sectors must adapt their defense strategies to counter threats that do not leave traditional forensic evidence, focusing instead on memory analysis and behavioral monitoring.

This fileless malware from a major state-sponsored actor can bypass traditional antivirus software, posing a significant, hard-to-detect threat to high-value financial targets.

Financial and crypto firms face an increased risk of sophisticated, stealthy breaches that can lead to significant financial loss and data theft. The malware's fileless nature requires businesses to invest in advanced threat detection capabilities beyond traditional antivirus, such as memory forensics and behavioral analysis.