PANews reported on May 26th that, according to Cryptopolitan, cybersecurity analysts have discovered a new fileless remote access Trojan (RAT) called RemotePE. The Lazarus Group, a cybercrime organization believed to be linked to North Korea, is reportedly using this Trojan to attack banks and cryptocurrency companies. This Trojan runs entirely in memory, making it difficult to detect with traditional antivirus and forensic tools. Attackers impersonate employees of trading companies via Telegram, using fake Calendly and Picktime links for social engineering attacks. The malware is chained through three stages: DPAPILoader, RemotePELoader, and RemotePE, without touching the file system. It evades detection by using process hijacking, anti-analysis checks, and encrypted C2 communication. This malware was first discovered in September 2025.
In the first four months of 2026, the Lazarus Group stole approximately $577 million in crypto assets, accounting for 76% of total global crypto theft. Since 2017, the group has stolen a total of $6 billion.




