Lazarus Group Targets Cryptocurrency Exchange, Deploying Their First MacOS Malware

According to a report shared by the Russian anti-virus maker Kaspersky Lab, the North Korea-based hacking group Lazarus has deployed new malware, and for the first time the group is targeting the macOS platform. The group penetrated the IT systems of a cryptocurrency exchange based in Asia.

“The company was breached successfully, but we are not knowledgeable of any financial loss,” Vitaly Kamluk, Head of GReAT APAC at Kaspersky Lab advised. “We assume the threat was isolated based on our notification.”

The Exchange Was Hacked Due To An Employee’s Mistake...

The operation, codenamed AppleJeus, began after one of the exchange’s employees downloaded an application from an apparently legitimate website that claimed to belong to a company developing cryptocurrency trading software. The app was fake and infected the employee’s computer with malware. The download contained the remote access trojan FallChill, which has been attributed to the Lazarus Group since 2016, when it was first observed in live campaigns.

The attackers also deployed a Mac version of the malware, which is unusual for this group; it was hidden in the same cryptocurrency trading software. According to the researchers, the malware was not visible inside the tainted application itself because the attackers had modified its update component to deliver it. You can read Kaspersky Lab’s full report on the matter here.

...But The Software Certificate Was Signed By A Genuine Developer

The main problem is that the application was signed with a valid digital certificate, which allowed it to bypass security scans. Kaspersky experts said they were unable to verify the address listed on the certificate, and their final comments on the matter were:

“This should be a lesson to all of us and a wake-up call to businesses relying on third-party software. Do not automatically trust the code running on your systems. Neither a good-looking website, nor a solid company profile, nor digital certificates guarantee the absence of backdoors. Trust has to be earned and proven. Stay safe!”

Kaspersky Lab did not name the hacked cryptocurrency exchange, but many exchanges have suffered great losses to hacks recently. Some of the recent incidents involved Bithumb, Yapizon, YouBit and Coinrail.

Take your time to comment on this article.
