Security researchers have discovered new crypto malware on macOS that presumably comes from the North Korea-funded hacker group Lazarus. According to malware researcher Dinesh Devadoss, the malware retrieves a package from a remote location and runs it in memory, which is quite uncommon on macOS. The malicious software hides behind a fake crypto trading platform called Union Crypto Trader.
According to Bleeping Computer, most anti-virus software won't detect the malware. Researchers see clear overlaps between the newly discovered malware and the AppleJeus operation associated with Lazarus. In those attacks the hackers used a trojanized cryptocurrency trading application. The software even had a valid code-signing certificate, but the company behind it didn't exist.
At the moment the crypto malware isn't doing anything harmful; it only collects the serial number and operating system information. However, it contains an updater, which means there is more to come. Lazarus makes most of its crypto malware for PCs, but interest in macOS is growing among hackers. Traditionally, the number of new Mac malware samples released peaks in the last quarter of the year.
Lazarus notorious in crypto space
Last year Lazarus was responsible for 882 million dollars in stolen cryptocurrencies. These cyber criminals were behind 14 hacks on crypto exchanges, as well as several other hacks. Among the victims is the South Korean exchange Bithumb, which was hacked twice.
Last year North Korea supposedly hacked several cryptocurrency exchanges. Insikt Group claimed that the country had been targeting South Korean cryptocurrency users since late 2017. According to the report, Lazarus was one of the prime suspects.
Crypto jacking on the rise
What the intention behind the newly discovered macOS malware is remains to be seen. At the same time, there is a tremendous increase in crypto-related malware, and hackers are becoming more sophisticated as well. Most infections happen by tricking the consumer into clicking on something and thereby activating certain software. After that, cyber criminals use the computing power of the devices to generate cryptocurrencies and send them to their own account. Researchers call this cryptojacking.
These hackers aren't targeting specific individuals; instead they grab everything they can find. That's why they hide their malware in YouTube links or in audio files. On top of that, they use scanning software to search for networks or computers that haven't updated their security software. This way the hackers can find known vulnerabilities to exploit and install malicious software.
Also published on Medium.