logo
  • menu
  • Markets
  • ETFs
  • Live
  • Spot
  • Futures
  • Bots
  • Learn
  • Sign In
  • Sign Up
  • Downloads
  • English
  • |
  • USD
  • |
Sign Up
Crypto PricesLearnLatest NewsDownloadsMarketsSpotAnnouncements
Home/
Latest News/
Markets

Lazarus Targets Exchange with 'Kandykorn' Malware

By Sherry Cantwell
Nov 6, 2023
4.6 
★
★
★
★
★
★
★
★
★
★
 401 User Rating
Share

A new report from Elastic Security Labs has shed light on the Lazarus Group's attempt to compromise cryptocurrency exchanges using a novel type of malware, which Elastic has named "Kandykorn." Additionally, they've dubbed the loader that deploys this malware into memory as "Sugarload" due to a unique ".sld" extension in its name. While Elastic didn't reveal the specific exchange targeted, the Lazarus Group has been implicated in a series of private key hacks on cryptocurrency exchanges in 2023.

The attack initiated with Lazarus members posing as blockchain engineers and engaging in conversations with engineers from an undisclosed cryptocurrency exchange through Discord. They claimed to have developed a profitable arbitrage bot capable of exploiting differences in cryptocurrency prices across exchanges. The unsuspecting engineer was persuaded to download the so-called "bot," which included files with deceptive names like "config.py" and "pricetable.py" to mimic an arbitrage bot.

Once executed, the program ran a "Main.py" file that initiated both legitimate and malicious processes, including a file known as "Watcher.py." This malicious component established a connection with a remote Google Drive account, downloading content into another file named "testSpeed.py." The program ran testSpeed.py once and then deleted it to conceal its activities.

During a single execution of testSpeed.py, the program downloaded additional content and eventually deployed a file that Elastic referred to as "Sugarloader." Sugarloader was concealed using a "binary packer," enabling it to evade detection by most malware identification systems. However, Elastic researchers uncovered it by forcing the program to halt after the initialization process and taking a snapshot of the process's virtual memory.

Elastic conducted a VirusTotal malware scan on Sugarloader, but the detector did not flag it as malicious. Once Sugarloader infiltrates a device, it connects to a remote server and directly loads Kandykorn into the device's memory. Kandykorn contains various features that can be exploited by remote servers for malicious purposes, such as listing directory contents on the victim's machine or transferring the victim's files to the attacker's machine.

Elastic believes the attack took place in April 2023, emphasizing that the threat remains active and continually evolves in terms of tools and techniques. Centralized cryptocurrency exchanges and applications have faced a wave of attacks in 2023, with several platforms being targeted. These attacks often involve the theft of private keys from victims' devices and the unauthorized transfer of customers' cryptocurrencies to the attackers' addresses. The FBI has accused the Lazarus Group of being responsible for the Coinex hack and the Stake attack.

Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of BitKan. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. BitKan shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. Products mentioned in this article may not be available in your region.

Related News

  • USDC Dominates Tether USDT in Stablecoin Volume Race

    USDC Dominates Tether USDT in Stablecoin Volume Race

    Circle's USD Coin (USDC) secured a 70% share of adjusted onchain transaction volume during the opening six months of 2026.
    Martha Grizzard
    Jul 7, 2026
  • Ether Leads Crypto Jump; Bitcoin Holds Firm Above $63K

    Ether Leads Crypto Jump; Bitcoin Holds Firm Above $63K

    Digital assets entered Monday, July 6, 2026, on a strong trajectory, reversing performance trends from the previous month.
    Wayne Ingram
    Jul 6, 2026
  • Bitcoin ETF Outflows Hit Record $4B as Institutional Demand Fades

    Bitcoin ETF Outflows Hit Record $4B as Institutional Demand Fades

    Spot Bitcoin ETFs reached a record $4.06 billion in net outflows for the month of June 2026.
    Sherry Cantwell
    Jun 29, 2026

Latest News

Industry

Cryptocurrency

Airdrop

Markets

  • New SEC Crypto Rule to Cut Red Tape for Startup Fundraising

    New SEC Crypto Rule to Cut Red Tape for Startup Fundraising

    The U.S. Securities and Exchange Commission plans to introduce a major regulatory framework this month to simplify capital formation and reduce operational hurdles for cryptocurrency businesses.
    Martha Grizzard
    Jul 8, 2026
  • White House Admits Federal Bitcoin Fund is Still Delayed

    White House Admits Federal Bitcoin Fund is Still Delayed

    The establishment of the Strategic Bitcoin Reserve has run into severe internal friction regarding which cabinet-level agency holds authority over the asset.
    Martha Grizzard
    Jul 7, 2026
  • Senate Test for Clarity Act Could Spark Crypto Market Volatility

    Senate Test for Clarity Act Could Spark Crypto Market Volatility

    As the U.S. Senate approaches a critical vote on the Digital Asset Market Clarity Act, investment bank Jefferies has cautioned investors that the legislative process will likely trigger heightened volatility across crypto markets.
    Jerry McNeill
    Jul 1, 2026
  • SBI’s $289M Bitbank Deal Signals Japan Crypto Consolidation

    SBI’s $289M Bitbank Deal Signals Japan Crypto Consolidation

    SBI Holdings has solidified its domestic dominance by agreeing to acquire all shares of Bitbank in a transaction valued at ¥46.7 billion ($289 million), according to the company’s official disclosure.
    Cornell Rachel
    Jun 29, 2026
  • Invesco Files for Tokenized Fund to Back Stablecoin Reserves

    Invesco Files for Tokenized Fund to Back Stablecoin Reserves

    Invesco has officially filed with the U.S. Securities and Exchange Commission (SEC) to launch the Invesco Stablecoin Reserves Onchain Fund, a new vehicle designed to offer stablecoin issuers a compliant way to manage their collateral.
    Martha Grizzard
    Jun 26, 2026
View more data 
BTCBTC(BTC)
$0
--(Last 24h)
SpotFutures

Top

View more
  1. 1S&P 500 Reclaims 200-Day Moving Average, Bitcoin Gains
  2. 2Trump Softens His Stance on Reciprocal Tariffs, US Stocks and Crypto Markets Rise
  3. 3Vitalik Buterin : The current price of ETH has not been affected by the merger event
  4. 4Vibhu Norby : Solana Spaces store to bring 100K people to Solana per month
  5. 5CZ: compared with the record high nine months ago, the current situation of the industry is much better

Top Gainers

View more
Threshold Network
Threshold NetworkT

$0.004840

+41.64%
Space and Time
Space and TimeSXT

$0.008910

+25.67%
Yei Finance
Yei FinanceCLO

$0.2548

+23.74%
DeepNode
DeepNodeDN

$0.1165

+20.74%
Cash Cat
Cash CatCASHCAT

$0.2042

+16.58%

Top Trending

View more
Solana
SolanaSOL

$76.3400

-1.94%
Block Street
Block StreetBSB

$0.1444

-1.31%
LAB
LABLAB

$0.5063

-43.85%
Worldcoin
WorldcoinWLD

$0.3995

+4.20%
Audiera
AudieraBEAT

$2.2445

-15.46%

Recently added

View more
Cash Cat
Cash CatCASHCAT

$0.2042

+16.58%
Cerebras
CerebrasCBRSB

$210.140

-2.00%
Invesco QQQ Trust
Invesco QQQ TrustQQQB

$727.260

+0.09%
Palantir
PalantirPLTRB

$126.040

-0.60%
Nebius
NebiusNBISB

$220.980

+0.78%

Learn

View more
  1. 1What Is Cross-Chain Interoperability? How Does It Function?
  2. 2What is OUSD? How Does Open USD Work for Digital Payments?
  3. 3What Are Keyloggers? How Do They Drain Your Crypto?
  4. 4What is Maximal Extractable Value in crypto? How Do We Avoid MEV?
  5. 5Crypto Trading Bots: What Are They and How Do They Work?
About Us
  • About BitKan
  • Contact Us
  • Announcements
  • VIP Program
  • BitKan Ambassador
  • Institutional Services
Products
  • Spot
  • Futures
  • Crypto Prices
  • Learn
  • News
  • Markets
  • How to Buy Crypto
  • BTC to USD Calculator
  • Reward
Help
  • Help Center
  • Email Us
  • Live Chat
  • Download APP
  • Listing Application
  • Buy Bitcoin
  • Buy Ethereum
  • Buy Dogecoin
  • Buy Altcoins
Terms
  • Terms of Use
  • Privacy Policy
  • Trading Rules
  • Fee
K-Site
English
About Us
+
  • About BitKan
  • Contact Us
  • Announcements
  • VIP Program
  • BitKan Ambassador
  • Institutional Services
Products
+
  • Spot
  • Futures
  • Crypto Prices
  • Learn
  • News
  • Markets
  • How to Buy Crypto
  • BTC to USD Calculator
  • Reward
Help
+
  • Help Center
  • Email Us
  • Live Chat
  • Download APP
  • Listing Application
  • Buy Bitcoin
  • Buy Ethereum
  • Buy Dogecoin
  • Buy Altcoins
Terms
+
  • Terms of Use
  • Privacy Policy
  • Trading Rules
  • Fee
K-Site
+
  • Twitter
  • Facebook
  • Telegram
  • YouTube
  • Instagram
  • Medium
  • Linkedin
@2012-2026 BITKAN.com