News Lazarus Group Deploys Its First Mac Malware in Cryptocurrency...

Lazarus Group Deploys Its First Mac Malware in Cryptocurrency Exchange Hack


- Advertisment -

Lazarus Group

Lazarus Group, the North Korean hackers who hacked Sony Films a few years back, have deployed their first Mac malware ever, according to Russian antivirus vendor Kaspersky Lab.

In a report shared with Bleeping Computer in advance, Kaspersky researchers reveal that Lazarus Group penetrated the IT systems of an Asia-based cryptocurrency exchange platform.

The hack of this platform was not reported in the media as of yet, a Kaspersky spokesperson told Bleeping Computer.

“The company was breached successfully, but we are not aware of any financial loss,” Vitaly Kamluk, Head of GReAT APAC at Kaspersky Lab told Bleeping Computer via email today. “We assume the threat was contained based on our notification.”

Exchange hacked after employee downloads trojanized app

The hack, which Kaspersky Lab analyzed under the codename of Operation AppleJeus, took place after one of the exchange’s employees downloaded an app from a legitimate-looking website that claimed to be from a company that develops cryptocurrency trading software.

But the app was a fake and infected with malware. On Windows, the app downloaded and infected users with Fallchill, a remote access trojan (RAT) known to be associated with the Lazarus Group since at least 2016, when it was deployed for the first time in live campaigns.

But unlike previous Lazarus operations, the hackers also deployed a Mac malware strain, something they have not done before. The malware was hidden inside the Mac version of the same cryptocurrency trading software.

Experts say that both the Windows and Mac malware wasn’t visible inside the tainted app. Lazarus operators did not embed the malware inside the third-party app directly but merely modified its update component to download the malware at a later date.

The mystery of the malware’s certificate

Furthermore, the trojanized cryptocurrency trading software was also signed by a valid digital certificate, allowing it to bypass security scans.

The big mystery surrounding this certificate is that it was issued by a company that Kaspersky experts said they weren’t able to prove it ever existed at the address in the certificate’s information.

“The fact that they developed malware to infect macOS users in addition to Windows users and – most likely – even created an entirely fake software company and software product in order to be able to deliver this malware undetected by security solutions, means that they see potentially big profits in the whole operation, and we should definitely expect more such cases in the near future,” Kamluk says.

Kaspersky didn’t name the hacked cryptocurrency exchange

Several cyber-security firms have pointed out many times this year that since the start of 2017, North Korean hackers have shown great interest in penetrating cryptocurrency exchanges and financial institutions, from where they steal funds that they later bring back into North Korea.

In the past year, several Asian cryptocurrency exchange platforms suffered security incidents, primarily exchange platforms located in South Korea. Hacks have been reported at Bithumb, Yapizon, YouBit, Coinrail, and Bithumb again.

Kaspersky did not reveal the name of the cryptocurrency exchange at the center of its report, but told Bleeping Computer

This week, US cyber-security firm Trend Micro reported a supply-chain attack on South Korean organizations, but did not attribute the hack to North Korea, nor did it specify that the hack targeted a cryptocurrency exchange platform.

“We  are aware of waves of attacks on supply chains in South Korea this year, but AppleJeus is unrelated to these attacks,” Kamluk told Bleeping Computer. “The victim was not located in South Korea.”

Article updated post-publication with additional comments from Kaspersky.

Source link


Please enter your comment!
Please enter your name here

Latest news

Banking Sector is Ready for a Tech Revolution With Cryptocurrency

When our world is going through a massive change due to COVID-19blow, it is very likely that...

OpenDAO’s Bridge Opens New Possibility for Mass Adoption of DeFi

When Satoshi Nakamoto officially created Bitcoin on January 3, 2009, his vision for the digital asset was...

Crypto’s price surge was mostly due to limited information – here’s why

As the world becomes more and more digitized, the usage of one of the most popular cryptocurrencies,...

U.S. Authorities Seized Bitcoin Worth a Total of $1 billion

The cryptocurrencies were in the possession of a person who had hacked Silk road, which was detected...
- Advertisement -

Top 12 BEST Crypto Trading Bots for 2020

TL;DR: In this article, we present a list of the best Crypto Trading Bots of 2020. If...

Norwegian Block Exchange aims at becoming an official bank

Norway is famous for its economic stability and living standards. It is true that Norwegian love doing...

Must read

OpenDAO’s Bridge Opens New Possibility for Mass Adoption of DeFi

When Satoshi Nakamoto officially created Bitcoin on...
- Advertisement -

Read Next
Recommended to you