> TritonInfoSec News
Home / May 26, 2026 / Story
0
#5 The Hacker News general May 25, 2026 at 09:32 UTC

Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms

By [email protected] (The Hacker News)

AI Summary

Fox-IT (NCC Group) has detailed RemotePE, a memory-only, cross-platform RAT deployed by North Korea's Lazarus Group against financial and cryptocurrency firms via a multi-stage chain using loaders DPAPILoader and RemotePELoader. The fileless execution approach makes RemotePE difficult to detect with traditional endpoint tools. Financial sector defenders should update detection rules to cover DPAPI-based decryption chains and in-memory PE loading patterns associated with Lazarus TTPs.

Read full article → https://thehackernews.com/2026/05/lazarus-deploys-…

Relevance score: 82.0/100

# More from May 26

  1. 1
    Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks Krebs on Security
  2. 2
    Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks The Hacker News
  3. 3
    Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack SecurityWeek
  4. 4
    TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO The Hacker News
  5. 6
    FBI warns of Kali365 phishing service targeting Microsoft 365 accounts BleepingComputer
  6. 7
    Laravel-Lang Packages Poisoned for Malware Delivery SecurityWeek
  7. 8
    Anthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS Projects SecurityWeek
  8. 9
    DocketWise Data Breach Impacts 143,000 SecurityWeek
  9. 10
    266,000 Affected by Data Breach at Radiology Associates of Richmond SecurityWeek