North Korean hackers, also known as the Lazarus APT Group, have created malware targeting Apple Macs while posing as a fake crypto firm.
On Oct. 12, Mac security expert and Jamf principal security researcher Patrick Wardle published a blog post about the malware, which had been revealed by MalwareHunterTeam (MHT) researchers just the day before.
The .dmg for Mac (with the malware in it), and the malware alone are both on VT for more than a month, but still 0 detections when last scanned. pic.twitter.com/4ag4WtX1Do — MalwareHunterTeam (@malwrhunterteam) October 11, 2019
Hackers Set Up A Fake Crypto Firm
MalwareHunterTeam said that at the time of its warning the malware was undetected by any engine on VirusTotal, ‘and the sample appears to be closely related to a strain of Mac malware created by the Lazarus Group and identified by Kaspersky Labs back in summer 2018.’
The hackers set up a fake crypto firm, just as they had previously, but this time they went by the name “JMT Trading”.
They carried out the attack with an open-source crypto trading app whose code they uploaded to GitHub, with the malware hidden inside it.
‘Wardle analyzed the installation process for the app, identifying the suspicious package and launch daemon concealed within it and analyzing the malicious functionality of the hackers’ backdoor script.’
The backdoor gives remote attackers complete control over the infected macOS system.
The Mac security researcher said that open-source security tools should have no problem detecting the malware. However, he said that VirusTotal engines were not picking it up at the time of writing.
He also said that the malware targets crypto exchange employees rather than everyday investors.
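The persistence mechanism described above, an installer that drops a launch daemon which starts a backdoor script, is something a Mac administrator can audit for directly. The following Python script is an added example, not code from the article or from Wardle's analysis: it parses launchd property lists and flags jobs that run from user-writable locations, hand a script to a shell interpreter, or combine RunAtLoad with KeepAlive. The two sample plists, the label and script path in the "trojanized" sample, and the trusted/suspicious path lists are constructed assumptions for illustration, not indicators taken from this malware.

```python
"""Audit launchd property lists for persistence indicators (added example)."""
import plistlib
from pathlib import Path

# Where Apple- or vendor-installed jobs normally live (assumption, tune per fleet).
TRUSTED_PREFIXES = ("/System/", "/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/",
                    "/usr/libexec/", "/Library/Apple/", "/Applications/")
# World-writable or user-controlled locations a legitimate daemon rarely runs from.
SUSPICIOUS_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/private/var/tmp/",
                       "/Users/Shared/")
# Interpreters: when a job runs one of these, the real payload is the script argument.
INTERPRETERS = ("/bin/sh", "/bin/bash", "/bin/zsh", "/usr/bin/python",
                "/usr/bin/python3", "/usr/bin/osascript", "/usr/bin/perl")


def program_of(plist):
    """Return (executable, argv) the job runs, following launchd.plist semantics."""
    args = list(plist.get("ProgramArguments", []))
    if "Program" in plist:
        return plist["Program"], args
    return (args[0] if args else None), args


def audit_plist(data):
    """Parse one launchd plist (bytes) and return its label, program and findings."""
    plist = plistlib.loads(data)
    label = plist.get("Label", "<no label>")
    exe, args = program_of(plist)
    findings = []
    if exe is None:
        findings.append("no Program/ProgramArguments")
    else:
        if exe.startswith(SUSPICIOUS_PREFIXES):
            findings.append(f"executable in user-writable location: {exe}")
        elif not exe.startswith(TRUSTED_PREFIXES):
            findings.append(f"executable outside standard locations: {exe}")
        if exe in INTERPRETERS:
            script = next((a for a in args[1:] if a.startswith("/")), None)
            if script and script.startswith(SUSPICIOUS_PREFIXES):
                findings.append(f"interpreter runs script from user-writable location: {script}")
    # RunAtLoad + KeepAlive: starts at boot and is restarted if killed, a classic backdoor combo.
    if plist.get("RunAtLoad") and plist.get("KeepAlive"):
        findings.append("RunAtLoad + KeepAlive")
    if "." not in label:
        findings.append("label is not reverse-DNS style")
    return {"label": label, "program": exe, "findings": findings}


def audit_directory(directory):
    """Audit every .plist in a launchd directory such as /Library/LaunchDaemons."""
    results = []
    for path in sorted(Path(directory).glob("*.plist")):
        try:
            results.append(audit_plist(path.read_bytes()))
        except Exception as exc:  # an unparseable plist is itself worth a look
            results.append({"label": path.name, "program": None,
                            "findings": [f"unparseable: {exc}"]})
    return results


# Constructed sample: an ordinary vendor daemon.
BENIGN_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.benignd</string>
  <key>ProgramArguments</key><array><string>/usr/libexec/benignd</string></array>
  <key>RunAtLoad</key><true/>
</dict></plist>"""

# Constructed sample modeled on the pattern in the article: a daemon dropped by an
# installer that hands a script in a shared directory to /bin/sh. Label and path are made up.
TROJAN_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>tradingapp</string>
  <key>ProgramArguments</key><array>
    <string>/bin/sh</string><string>/Users/Shared/update.sh</string>
  </array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict></plist>"""

if __name__ == "__main__":
    for sample in (BENIGN_PLIST, TROJAN_PLIST):
        r = audit_plist(sample)
        print(r["label"], "->", r["findings"] or "clean")
    # On a real Mac: for r in audit_directory("/Library/LaunchDaemons"): ...
```

Run it as-is to see the two constructed samples scored; on a live system call audit_directory on /Library/LaunchDaemons and /Library/LaunchAgents and review anything with findings. The trusted and suspicious prefix lists are deliberately conservative starting points, not a complete allow-list.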
North Korea to Develop Own Cryptos
North Korea is reportedly developing its own cryptocurrency similar to Bitcoin (BTC).
On Sept. 18 it was reported that the country is developing its own cryptocurrency to evade international sanctions and to fight against “the U.S. dominated global financial system.”
Source: Cointelegraph.com | Image: GettyImages