Kaspersky Lab: North Korea Hacks Cryptocurrency Exchange With 'First' macOS Malware

pubblicato su by Cointele | pubblicato su

North Korean hackers have infected a cryptocurrency exchange with malware for both Windows and macOS for reportedly the first time, Russian internet security company Kaspersky Lab announced Thursday, August 23.

In Kaspersky's report, the company reveals the malware - dubbed "AppleJeus" - made its way into the systems of an unnamed exchange after an employee downloaded a "Tainted" app.

Kaspersky now believes the app came from a fake developer with fake security certificates in a major operation by North Korean hacker collective Lazarus Group.

The malware aimed to steal cryptocurrency funds, Kaspersky claims, in what marks the latest in a spate of both successful and failed attempts by North Korea in the crypto hacking space.

"A version for Linux is apparently coming soon, according to the website. It's probably the first time we see this APT group using malware for macOS.".

South Korean exchanges have traditionally been the targets for Lazarus, with a rash of complaints surfacing with regard to attacks on platforms such as Bithumb, YouBit, and Coinlink.

"The fact that they developed malware to infect macOS users in addition to Windows users and - most likely - even created an entirely fake software company and software product in order to be able to deliver this malware undetected by security solutions, means that they see potentially big profits in the whole operation."

In early July, a group of security researchers had discovered macOS malware attacks targeting Slack and Discord users talking about cryptocurrencies, with hackers impersonating "Key people" in crypto-related chats and then sharing "Small snippets" that are downloaded and execute a malicious binary.

x