TechFlow news: On May 26, Cryptopolitan reported that the North Korea–linked hacker group Lazarus Group was found deploying the fileless remote access trojan RemotePE, primarily targeting banks, cryptocurrency exchanges, and fintech companies. This malware runs entirely in memory, leveraging process hollowing, anti-analysis detection techniques, and encrypted C2 communications—making it difficult for conventional antivirus and forensic tools to detect.
The report states that attacks typically unfold via Telegram-based social engineering: attackers impersonate employees of trading firms and use spoofed Calendly and Picktime websites to lure victims into installing malicious software, and the payload is ultimately executed without touching the file system.




