North Korean Hackers Infiltrate Crypto Exchange in First-Ever MacOS Hack


North Korea's notorious cyber-hacking outfit, "Lazarus Group", has reportedly used MacOS-based malware to infiltrate cryptocurrency exchanges and applications, according to Kaspersky Labs.

North Korean attackers are hitting

To date, Lazarus remains an unknown entity, with no information available about the number of individuals who identify with the outfit. Lazarus caused a furore in 2009 after launching a worldwide Distributed Denial of Service (DDoS) attack against the South Korean government.


The group also became known for the Sony attacks in 2014 and for stealing more than $15 million from a Spanish bank in 2015. Now the group has launched its very first MacOS-based virus, targeting 2018's most notorious cybercrime: cryptojacking.

According to the report, Lazarus infiltrated the computer systems of an Asia-based cryptocurrency exchange while keeping its identity safe.

Vitaly Kamluk, head of Kaspersky's global research and analysis team in the APAC region, revealed that the exchange had suffered no financial losses, at least not as far as they knew. The researcher also stated that the exchange in question was able to eradicate the threat successfully after Kaspersky had informed it.

Employee discovers attacks

Kaspersky Labs used the codename "Operation AppleJeus" for its effort to uncover the actor behind the hack. The company was first alerted to the incident after an employee had downloaded a cryptocurrency application from a legitimate-looking website dedicated to crypto-trading.


However, the employee quickly discovered that the application was fraudulent and infected with malware. The program ran on Windows, automatically connected to the Internet and downloaded "Fallchill", a RAT (Remote Access Trojan) that has been identified as typical of the Lazarus Group's attacks, at least since its deployment in political campaigns in 2016.

Lazarus, which usually targets Windows, went a step further in this case and created a MacOS counterpart for Fallchill, hidden in the Mac version of the crypto-trading app.

Researchers noted that the malware was not embedded in the code of the infected application itself. Instead, the update component had been modified with code to download the malware once a user had installed the application. As a result, the crypto-trading app was not flagged during the initial download.

Fake Digital Certificate

Researchers also discovered that the application was signed with a secure digital certificate, despite the fact that it contained a trojan, which allowed the malicious download code to circumvent various security checks.

The biggest mystery in this respect, however, was that Kaspersky researchers could not find and verify an address for the company that signed the application, i.e. it did not exist at the addresses provided.

Kamluk stated:

"The fact that they have developed malware in addition to Windows users to infect MacOS users and – probably – even created a completely fake software company and software product to deliver malware that was not discovered by security solutions."

Kamluk believes that this development will mean greater movements by Lazarus in the near future, potentially leading to "big gains" for the outfit.

Although Kaspersky did not reveal the name of the infected exchange, the company noted that North Korean attackers have shown "great interest" in infiltrating fiat and digital finance companies to route stolen money to their country.

Cover photo by Ciaran O'Brien on Unsplash

Disclaimer: The opinions of our writers are solely their own and do not reflect the opinion of CryptoSlate. None of the information you read on CryptoSlate should be considered investment advice, nor does CryptoSlate endorse any project mentioned in this article or linked from it. Purchasing and trading cryptocurrencies must be regarded as a high-risk activity. Carry out your own due diligence before you take any action regarding content in this article. Finally, CryptoSlate takes no responsibility if you lose money trading cryptocurrencies.


Shaurya Malwa Author
