PANews|May 26, 2026 00:58
[North Korean Hacker Group Lazarus Deploys Fileless Trojan RemotePE to Attack Crypto Companies and Banks]
According to Cryptopolitan, cybersecurity analysts have discovered a new type of fileless remote access trojan (RAT) called RemotePE. The Lazarus Group, a cybercrime organization believed to be linked to North Korea, is reportedly using this trojan to target banks and cryptocurrency companies. The trojan operates entirely in memory, making it difficult for traditional antivirus and forensic tools to detect. Attackers impersonate trading company employees via Telegram and use fake Calendly and Picktime links to conduct social engineering attacks. The malware is chain-loaded in three stages through DPAPILoader, RemotePELoader, and RemotePE, with the entire process avoiding interaction with the file system. It employs process hollowing, anti-analysis checks, and encrypted C2 communication to evade detection.
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink