Bitcoin Forum

Other => Beginners & Help => Topic started by: Jating on June 20, 2024, 08:34:01 AM



Title: NiceRAT - New Malware Botnet stealing crypto currency information
Post by: Jating on June 20, 2024, 08:34:01 AM
There is a new malware called NiceRAT that has been seen in the wild recently, and it was deployed by threat actors to target South Korea. And just like other malware that has been observed already, they deployed it under the guise of, who else, Microsoft products: Microsoft Windows and Microsoft Office (so another reason not to use Windows OS and at least try MacOS or a Unix-flavored OS).

Yes, the initial target is South Korea, but who knows, this is just the beginning and the threat actors might go and deploy it worldwide.

And then the question: what is the connection of this malware from a crypto enthusiast's standpoint? Well, you can check the targeted crypto wallets below:

https://www.talkimg.com/images/2024/06/20/hZ2Yz.png

https://asec.ahnlab.com/en/66790/

So again, precautionary measures here: if we are involved with tons of money in crypto, then do not attempt to use cracked software to update your OS or anything that involves Windows.


Title: Re: NiceRAT - New Malware Botnet stealing crypto currency information
Post by: Lucius on June 20, 2024, 09:04:46 AM
There is a new malware called NiceRAT that has been seen in the wild recently, and it was deployed by threat actors to target South Korea. And just like other malware that has been observed already, they deployed it under the guise of, who else, Microsoft products: Microsoft Windows and Microsoft Office (so another reason not to use Windows OS and at least try MacOS or a Unix-flavored OS).
~snip~


I will not say that Windows OS is not vulnerable and that other OS are not better, but it would be wrong to say that the operating system itself is to blame for everything bad that happens to crypto users. Regardless of which OS they use, the real truth is that people are the weakest link and in most cases their ill-considered actions result in the loss of digital assets.

All those who use Windows just need to have good operational security, which means that they should use hardware wallets, not download cracks/piracy software and have one of the better antiviruses+firewall.


Title: Re: NiceRAT - New Malware Botnet stealing crypto currency information
Post by: Dave1 on June 20, 2024, 09:52:40 AM
And it makes me wonder again, why South Korea?

With that, I'm under the impression that the culprits behind this malware are from their neighboring North Korea. And as we have heard from reports, North Korea has been targeting South Korea's crypto exchanges for years and has been successful in hacking and stealing millions.

Everyone should really be careful and be vigilant with this kind of modus from hackers.


Title: Re: NiceRAT - New Malware Botnet stealing crypto currency information
Post by: Felicity_Tide on June 20, 2024, 10:11:50 AM
Application software like MS brands is commonly used, which was a preferable avenue for these hackers to aim at their target. I am not so sure who is behind this because there isn't full evidence, but I wonder why South Korea has become a major target. Are they even on the top ten list of countries with the most Bitcoin holdings?


Title: Re: NiceRAT - New Malware Botnet stealing crypto currency information
Post by: lovesmayfamilis on June 20, 2024, 10:39:18 AM

I will not say that Windows OS is not vulnerable and that other OS are not better, but it would be wrong to say that the operating system itself is to blame for everything bad that happens to crypto users. Regardless of which OS they use, the real truth is that people are the weakest link and in most cases their ill-considered actions result in the loss of digital assets.

All those who use Windows just need to have good operational security, which means that they should use hardware wallets, not download cracks/piracy software and have one of the better antiviruses+firewall.

You are, of course, right, but there are some differences in both systems. In Linux, you cannot install any software without the administrator's permission, which is a different feature from the Windows system. For example, the same RAT can be picked up completely by accident by clicking on a self-extracting archive, which can later be difficult to detect, and work masquerading as normal Windows processes. I say this because I had experience with a similar infection, which sobered me up and made me an ardent supporter of Linux. I don't claim to be an experienced user, but I can say that after several years of working with Linux, I have never had any "random surprises." But so as not to cause unnecessary controversy, you are ultimately right. The one who sits at the monitor will always be the root cause of his troubles.


Title: Re: NiceRAT - New Malware Botnet stealing crypto currency information
Post by: Knight Hider on June 20, 2024, 10:53:25 AM
And it makes me wonder again, why South Korea?

With that, I'm under the impression that the culprits behind this malware are from their neighboring North Korea. And as we have heard from reports, North Korea has been targeting South Korea's crypto exchanges for years and has been successful in hacking and stealing millions.
Cut off their internet. Nothing of value will be lost.


Title: Re: NiceRAT - New Malware Botnet stealing crypto currency information
Post by: stompix on June 20, 2024, 10:55:00 AM
And it makes me wonder again, why South Korea?

Because it's easier to target a niche with this kind of attack, so by using Korean-language software cracks you have the advantage of wealthy victims and less competition, as trying to infect users on a global scale might not give the same results versus effort.

And just like other malware that has been observed already, they deployed it under the guise of, who else, Microsoft products: Microsoft Windows and Microsoft Office (so another reason not to use Windows OS and at least try MacOS or a Unix-flavored OS).

Sorry, but out of a thousand reasons not to use Windows, this is not one of them.
Downloading a cracked version of Windows is from the start asking for trouble, and it's no different from downloading some unverified shady Linux distribution from a website and not the official release.
If it would have been about an app or a game, sure, but this is not!


Title: Re: NiceRAT - New Malware Botnet stealing crypto currency information
Post by: NotATether on June 20, 2024, 11:29:18 AM
And who do you think targets South Korea with a passion?

Yes, you are correct, it is North Korea, and specifically the Lazarus Group which is the cybercrime organization operating there under state orders.

And they've targeted South Korea assets before, so it's not like this is the first time or anything. They must really, really hate each other to keep going back and forward like this.

And it makes me wonder again, why South Korea?

With that, I'm under the impression that the culprits behind this malware are from their neighboring North Korea. And as we have heard from reports, North Korea has been targeting South Korea's crypto exchanges for years and has been successful in hacking and stealing millions.
Cut off their internet. Nothing of value will be lost.

Most of the North Korean address space has already been blocked by DDoS protection services and firewalls so this is probably using botnets to distribute the malware.


Title: Re: NiceRAT - New Malware Botnet stealing crypto currency information
Post by: Aanuoluwatofunmi on June 20, 2024, 03:11:37 PM
There is a new malware called NiceRAT that has been seen in the wild recently, and it was deployed by threat actors to target South Korea. And just like other malware that has been observed already, they deployed it under the guise of, who else, Microsoft products: Microsoft Windows and Microsoft Office (so another reason not to use Windows OS and at least try MacOS or a Unix-flavored OS).

It's not that we cannot make use of Windows OS; we only have to be mindful of using our crypto wallet on an air-gapped device. This is meant to be a separate device from the one we use for our daily internet connectivity. Being online could place one on a fast track to getting hacked if care is not taken, because if you make downloads or click on links and visit some site, you're already under attack; hackers can come in through any means common to these.