Cybersecurity researchers have shed light on a cross-platform malware called RemotePE that has been put to use by the North Korea-linked Lazarus Group in attacks targeting financial and cryptocurrency organizations.

RemotePE, per NCC Group subsidiary Fox-IT, is part of a multi-stage attack chain that involves two loaders tracked as DPAPILoader and RemotePELoader.

"DPAPILoader decrypts and



Source: TheHackerNews
Source Link: https://thehackernews.com/2026/05/lazarus-deploys-remotepe-memory-only.html