MacOS Malware Affecting Crypto Exchanges
September 3, 2018 2:58 pm
Cryptocurrency hacking incidents do not seem to be slowing down. Hackers have found a new way to target cryptocurrency exchanges. This time, they have targeted macOS.
Notably, macOS is regarded as one of the most secure operating systems in the world. The OS gets regular hardware and security updates to make sure that the system is protected.
Over the years, Windows has been the platform hackers prefer to target with malware. However, the news about Mac malware has raised concerns about the security of the platform.
The Global Research and Analysis Team (GReAT) at Kaspersky Lab has discovered AppleJeus, a new piece of malicious software operated by the Lazarus group. The group is known for several high-profile hacking incidents.
The Lazarus group succeeded in penetrating the network of an Asian cryptocurrency exchange using cryptocurrency trading software. This software was injected with a Trojan, malicious code that can infect computers without the user's notice or permission. The Trojan was aimed at stealing cryptocurrencies from users. The Windows version is already in the wild, and the researchers recently identified code targeting the macOS platform.
This incident is the first of its kind in which the Lazarus group has been found to target macOS users. Based on GReAT's analysis, the exchange was compromised when an employee of the company downloaded a third-party application for crypto-trading from a seemingly legitimate website.
The overall code of the application is not suspicious; the updater, however, seems to be responsible for this breach. In legitimate software, the updater is used to download a newer version of the existing program. In this malicious software, it instead collects basic information about the computer and sends it to the command and control server, which is monitored by the hacker. If the hacker judges the computer to be worth attacking, the malware code is sent to the computer in the form of a software update. This Trojan is called FallChill, and it has been used by the Lazarus group in their past attacks as well.
The Lazarus group is often said to have its roots in North Korea and is known for its cyber-espionage and cyber-sabotage attacks. The group has been reported to attack banks and other financial enterprises as a means to steal money.
This is an urgent reminder to all computer users to be mindful when visiting websites and downloading software for their systems. Try to research the software or website before you proceed with downloading or sharing private information. This will keep you safe from a large number of hacking and scam incidents.