North Korean hacker group Lazarus deploys fileless Trojan RemotePE, attacking cryptocurrency companies and banks
By: rootdata|2026/05/26 09:42:01
0
Share
According to Cryptopolitan, cybersecurity analysts have discovered a new type of fileless remote access trojan (RAT) named RemotePE. It is believed that the cybercrime organization Lazarus Group, associated with North Korea, is using this trojan to attack banks and cryptocurrency companies. The trojan operates entirely in memory, making it difficult for traditional antivirus and forensic tools to detect. Attackers impersonate trading company employees via Telegram, using forged Calendly and Picktime links for social engineering attacks. The malware is loaded in a three-stage chain through DPAPILoader, RemotePELoader, and RemotePE, with the entire process avoiding contact with the file system, utilizing process hollowing, anti-analysis checks, and encrypted C2 communication to evade detection.
This malware was first discovered in September 2025. In the first four months of 2026, the Lazarus organization has stolen approximately $577 million in cryptocurrency assets, accounting for 76% of the total global cryptocurrency theft. Since 2017, the organization has accumulated a total theft amount of $6 billion.
You may also like
Morning Report | Binance launches DYOR research tool; YZi Labs launches recruitment platform YZi Talent; Vitalik states that the Ethereum Foundation will "downsize" and reduce the amount of ETH sold
Overview of Important Market Events on May 25
Morning News | Michael Saylor stated that this week he bought bonds instead of Bitcoin; StablR was attacked and lost about 2.8 million dollars; the U.S. Congress is pushing the Bitcoin Reserve Act again
Overview of Important Market Events on May 24
SuperEx's Mars exploration dream: Digital currency is the key to unlocking economic exchanges in the interstellar era
SuperEx has always called for exchanges to focus not on internal strife and competition, but on jointly promoting the development of digital currencies, becoming a driving force for the future interstellar era.
Key Takeaways: Full Text of Google Chief Scientist Shanahan's Speech
Google DeepMind Chief Scientist Shanahan's London Speech: Deconstructing the mental attributes of large language models (LLM) using the framework of Wittgenstein, analyzing the trend of "alien self-identity" under the context of all-weather agents.
Agentic Design Patterns: A book that made me rethink "What exactly is an Agent?"
Google Engineering Director's new book deeply analyzes: 21 design patterns of AI Agents. This article reveals the core progression from "bare LLM" to advanced intelligent agents, detailing Context Engineering, the dual Agent reflection mechanism (Producer-Critic), and the three-layer memory model, w...
The richest chairman of the Federal Reserve in 112 years has arrived: Kevin Warsh is rewriting the rules
The "richest" new chairman of the Federal Reserve, Kevin Warsh, has officially taken office. His alternative proposal of "balance sheet reduction + interest rate cuts" aims not only to reshape the decision-making mechanism but also to profoundly disrupt the U.S. Treasury, the dollar, and the global ...
Vitalik talks about the future of the Ethereum Foundation: a smaller, more distinctive, yet more enduring ship
Vitalik elaborated on his personal views regarding the transformation direction of the Ethereum Foundation: EF is not "the center of Ethereum," but one of many nodes. With limited resources, EF chooses long-termism over spreading itself thin, focusing on key tasks that "would not happen without EF"—...
New Types of Information Laundering in Prediction Markets: How Secrets Integrate into Investment Signals
The harsh reality is that information laundering is not a man-made loophole in the prediction market, but rather a side effect of its core operating mechanism.
Vitalik emphasized in a post that Ethereum must be "amazing," but the foundation is not the center
In response to the recent repeated doubts from the community regarding the Ethereum Foundation, Vitalik addressed the community's concerns today in a long article with an honest and firm attitude, systematically elaborating on his deep thoughts about the role, strategic direction, and value position...
DeFi has reached its most dangerous moment: the real vulnerabilities are not in the code
April 2026 is not just a security crisis; it is the moment when the industry's mental model completely collapses, and it is also the moment when the protocols that can survive are distinguished from those that cannot.
WEEX Bitcoin Pizza Day: Zero Fees, BTC Cashback & 150,000 USDT to Honor Crypto History
Join WEEX’s Pizza Day celebration! From zero fees to BTC cashback, honor the first ever real-world bitcoin transaction. 150,000 USDT prize pool, that's the way WEEX rewards its users and honors crypto history.
a16z: 7 Images to Understand How Tokenization Changes the Nature of Assets
It's far more than just moving traditional assets onto the blockchain.
The secret to Hyperliquid's success dismantled from the five-layer financial stack
Hyperliquid is not a DEX that continuously adds features, but rather a financial operating system built in a strict sequence.
After Futu Securities was banned, will buying stocks on-chain be the new remedy?
If it moves steadily, it may be an important stop for financial assets on the blockchain; if treated as a detour tool, it will become the next risk site.
Why Crypto Traders Are Watching Gold and Nasdaq Again in 2026
Bitcoin is ranging while gold and Nasdaq volatility surge in 2026. Discover why crypto traders are using USDT to trade gold, silver, and global indices without a traditional brokerage account.
Why have foreign exchange stablecoins never taken off?
Rather than issuing a local currency stablecoin from scratch, it is better to build a layer of foreign currency pricing on top of a USD stablecoin, allowing users to enjoy the liquidity of the dollar while keeping accounts in local currency.
AIDC, computing power leasing, and cloud: The "three-part thesis" of AI transformation in cryptocurrency mining farms
The "AI transformation" of cryptocurrency mining farms is not just a slogan; it is unfolding in three recognizable stages.
Futu has had all its illegal gains confiscated, reminding cryptocurrency exchanges
Even if foreign financial institutions obtain licenses abroad, as long as you are effectively providing financial services to residents in mainland China, Chinese regulatory authorities may evaluate your actions according to Chinese law.
Morning Report | Binance launches DYOR research tool; YZi Labs launches recruitment platform YZi Talent; Vitalik states that the Ethereum Foundation will "downsize" and reduce the amount of ETH sold
Overview of Important Market Events on May 25
Morning News | Michael Saylor stated that this week he bought bonds instead of Bitcoin; StablR was attacked and lost about 2.8 million dollars; the U.S. Congress is pushing the Bitcoin Reserve Act again
Overview of Important Market Events on May 24
SuperEx's Mars exploration dream: Digital currency is the key to unlocking economic exchanges in the interstellar era
SuperEx has always called for exchanges to focus not on internal strife and competition, but on jointly promoting the development of digital currencies, becoming a driving force for the future interstellar era.
Key Takeaways: Full Text of Google Chief Scientist Shanahan's Speech
Google DeepMind Chief Scientist Shanahan's London Speech: Deconstructing the mental attributes of large language models (LLM) using the framework of Wittgenstein, analyzing the trend of "alien self-identity" under the context of all-weather agents.
Agentic Design Patterns: A book that made me rethink "What exactly is an Agent?"
Google Engineering Director's new book deeply analyzes: 21 design patterns of AI Agents. This article reveals the core progression from "bare LLM" to advanced intelligent agents, detailing Context Engineering, the dual Agent reflection mechanism (Producer-Critic), and the three-layer memory model, w...
The richest chairman of the Federal Reserve in 112 years has arrived: Kevin Warsh is rewriting the rules
The "richest" new chairman of the Federal Reserve, Kevin Warsh, has officially taken office. His alternative proposal of "balance sheet reduction + interest rate cuts" aims not only to reshape the decision-making mechanism but also to profoundly disrupt the U.S. Treasury, the dollar, and the global ...
Popular coins
Latest Crypto News
Read more
Customer Support:@weikecs
Business Cooperation:@weikecs
Quant Trading & MM:bd@weex.com
VIP Program:support@weex.com
