Posted on

North Korean Hackers Unleash Mac Malware On Crypto Exchanges

It seems that the only thing on the rise in the crypto industry at the moment is malware, not prices. Cyber security researchers have recently revealed more crypto-centric malware emerging from North Korea.

According to a detailed summary by Russian computer security firm Kaspersky, North Korean hacker group Lazarus has been highly active in recent months. The cyber criminals have “successfully compromised several banks and infiltrated a number of global cryptocurrency exchanges and fintech companies,” according to the report.

The malware, named ‘AppleJeus’, was inadvertently downloaded by an employee of an unnamed crypto exchange. The security researchers claim to have made the unexpected discovery while investigating the attack by the group on the exchange. It revealed the victim had been attacked by a trojan crypto trading application recommended to the company via email.

After downloading the malicious software the victim’s computer was infected by Fallchill malware which Lazarus had previously used. Kaspersky went on to state that it was the first time the group had deployed malware for other operating systems;

“To ensure that the OS platform was not an obstacle to infecting targets, it seems the attackers went the extra mile and developed malware for other platforms, including for macOS. A version for Linux is apparently coming soon, according to the website. It’s probably the first time we see this APT group using malware for macOS.”

The payload came via a convincing but fake website as the group strives to reach new levels of sophistication. The actual Trojan arrived as an update to the trading app which is a further attempt to mask its presence. The Celas Trade Pro software from Celas Limited showed no signs of malicious behavior and looked genuine according to the research.

In addition to the Mac version was a Windows version of the spurious trading program in a downloadable file called celastradepro_win_installer_1.00.00.msi. Once installed the Updater.exe module will deliver the payload which is designed to steal cryptocurrency.

Kaspersky continued with a lengthy breakdown of how the malware operates and what they have discovered about the bogus company. In reference to Lazarus it added “Recent investigation shows how aggressive the group is and how its strategies may evolve in the future.” South Korean exchanges have been the target of Lazarus before with a number of reports of attacks earlier this year.

Crypto markets may be in decline but attempts to steal digital assets by hacker groups are definitely taking the opposite trend.

loading…