GetChain News

North Korean hacker group Lazarus Group deploys fileless RemotePE Trojan to target cryptocurrency firms and banks

Source: www.cryptopolitan.com Event types: Online/Update Security/Hacker
According to Cryptopolitan, the North Korea–linked hacker group Lazarus Group has been found deploying RemotePE, a fileless remote access Trojan, primarily against banks, cryptocurrency exchanges, and fintech companies. The malware runs entirely in memory and employs process hollowing, anti-analysis techniques, and encrypted C2 communications, which makes it difficult for traditional antivirus and forensic tools to detect. The report states that attacks typically begin with Telegram-based social engineering: attackers impersonate employees of trading firms and use forged Calendly and Picktime links to lure victims into installing malicious software, ultimately executing the payload without touching the file system.
