Lazarus used ‘Kandykorn’ malware in attempt to compromise exchange — Elastic

By Cointelegraph


Lazarus Group used a new form of malware in an attempt to compromise a crypto exchange, according to an Oct. 31 report from Elastic Security Labs.

Elastic has named the new malware “Kandykorn” and the loader program that loads it into memory “Sugarload,” as the loader file has a novel “.sld” extension in its name. Elastic did not name the exchange that was targeted.

Kandykorn infection process. Source: Elastic Security Labs