Lazarus Group Targets Financial Firms with RemotePE Malware

Security researchers have identified RemotePE, a cross-platform malware used by the North Korea-linked Lazarus Group to attack financial and cryptocurrency organizations. The malware is delivered through a sophisticated multi-stage attack chain involving two loaders: DPAPILoader and RemotePELoader. DPAPILoader decrypts and executes subsequent malicious payloads, while RemotePELoader deploys RemotePE in memory without writing it to disk. This memory-only approach makes detection difficult for traditional security tools. The campaign specifically targets organizations handling digital assets and financial services, highlighting persistent threats to India's growing crypto and fintech sectors. Source: NCC Group/Fox-IT Research.
Original reporting by The Hacker News. We only summarise, never republish.