The North Korean hacking group known as Lazarus is believed to be behind newly detected malware distributed through a fake crypto trading platform.
4 December 2019 | AtoZMarkets – A new and hard-to-detect macOS malware variant has been discovered lurking on a fake cryptocurrency trading site.
According to the malware researcher Dinesh Devadoss, another crypto-related macOS trojan has been discovered. The researcher suggests that this malware may be linked to the notorious North Korean hacking group Lazarus.
New malware emerges from North Korean Lazarus group
According to an in-depth analysis of the malware, the Lazarus Group tends to target users and administrators of cryptocurrency exchanges. It typically distributes this kind of malware through fake cryptocurrency companies and trading applications.
The malware was detected on a website called UnionCrypto.vip. The site purported to offer cryptocurrency arbitrage solutions for traders, but it was a fake created to spread the malware.
Surprisingly, only a few antivirus products on the market detect the malware. The Lazarus Group has been refining its tradecraft to stay stealthier while operating.
> Another #Lazarus #macOS #trojan
> Contains code: Loads Mach-O from memory and execute it / Writes to a file and execute it @patrickwardle @thomasareed
> — Dinesh_Devadoss (@dineshdina04) December 3, 2019
According to researchers, the malware is designed to retrieve a payload from a remote server and then run it in the infected machine’s memory. Bleeping Computer reports that the malware goes virtually undetected by the antivirus engines on VirusTotal.
Researchers also say that there are some “clear overlaps” with another malware called AppleJeus distributed by Lazarus.
North Korea and cyber attacks
This is not the first time that North Korea has been accused of being behind cryptocurrency exchange hacks and malware released on the internet. Last year, the world-renowned cybersecurity firm Group-IB reported that the hacking group had stolen more than $570 million worth of cryptocurrency across five attacks.
North Korea is attempting to exploit cryptocurrencies to get around US sanctions, which is why hackers from the country are believed to be behind a rash of crypto crimes.
Since the beginning of 2019, North Korean agents have reportedly attempted five major cyber-thefts worldwide. These include a successful $49 million theft from an institution in Kuwait. Nevertheless, Kim Jong-un’s regime recently denied North Korea has been using an army of hackers to siphon off $2 billion from the world’s crypto exchanges and banks.