
North Korean hacker group targets macOS with cryptojacking malware

Kyle Chua


Security firm Kaspersky Lab claims this is the first time that the cybercrime group, Lazarus, distributed malware that targets macOS users

MANILA, Philippines – Lazarus, a notorious North Korean hacker group, is said to be responsible for recent breaches of several global banks and cryptocurrency exchanges, according to security firm Kaspersky Lab.

The group is suspected of having developed and deployed malware that can remotely and secretly take over a computer, as part of a campaign to steal cryptocurrency.

Kaspersky Lab traced one such attack back to an email that convinced a company employee to download a third-party cryptocurrency trading app that was actually a Trojan, a harmful program in disguise. The app contained a malware strain called Fallchill, a tool employed by the suspected cybercrime group in the past. (READ: Hackers target smartphones to mine cryptocurrencies)

The researchers claim that the app in question, called Celas Trade Pro, “showed no signs of malicious behavior” and “looked genuine.” Closer inspection of the installation package downloaded from the Celas website, however, revealed a suspicious updater that would deploy the malware.

“First it (the app) collects basic information about the computer it has been installed on, then it sends this information back to the command and control server and, if the attackers decide that the computer is worth attacking, the malicious code comes back in the form of a software update,” Kaspersky Lab explained.

Mac attack

Kaspersky has also learned that Lazarus developed the malicious software for both Windows and Mac operating systems. While the app functions the same way on both platforms, this appears to be the first time the cybercrime group has targeted macOS. (READ: Cryptocurrency mining hijackings up 8,500% – Symantec)

“The fact that they developed malware to infect macOS users in addition to Windows users and – most likely – even created an entirely fake software company and software product in order to be able to deliver this malware undetected by security solutions, means that they see potentially big profits in the whole operation, and we should definitely expect more such cases in the near future,” the researchers said. “For macOS users this case is a wakeup call, especially if they use their Macs to perform operations with cryptocurrencies.”

When the researchers investigated Celas, they found that the website domain had been paid for with cryptocurrency and that its listed physical address was a ramen shop, leading them to suspect that the company had simply been set up by the North Koreans.

Lazarus is behind a number of highly publicized attacks, including the Sony Pictures breach in late 2014 that gave the hackers access to the company’s internal emails and unreleased films.

Kaspersky Lab warns businesses relying on third-party software to be vigilant of Lazarus’ sophisticated operations. “Do not automatically trust the code running on your systems. Neither a good-looking website, nor a solid company profile, nor digital certificates guarantee the absence of backdoors.” – Rappler.com
