GraphAlgo Scam: Lazarus Hackers Register Real US LLCs to Spread Malware

ReversingLabs has discovered a fresh wave of the graphalgo campaign in which North Korean Lazarus hackers are using fake Florida LLCs, mimicking SWFT Blockchain, and using GitHub typo-squatting to target developers with malware.

Cybersecurity researchers at ReversingLabs have found a new scam targeting blockchain developers with fake job offers. Their research, shared with Hackread.com, reveals that hackers are now registering real legal companies in the US to trick their victims.

The Florida Connection

The hackers, part of the North Korea-linked Lazarus Group, are running what researchers have dubbed the graphalgo campaign, where they have gone to great lengths to create legitimacy. To look like a real business, they registered a company called Blocmerce as a legal LLC in Florida last August, set up accounts that mimic the legitimate firm SWFT Blockchain, and even ran fake operations under the names Blockmerce and Bridgers Finance.

That’s not all ...