The malware has been spread through a cryptocurrency exchange hack
Lazarus Group, the North Korean hacker group responsible for the attack on Sony films a few years ago, has launched its first malware for MAC, according to cyber security organization specialists from the International Institute of Cyber Security. In a recently published report, researchers reported that Lazarus penetrated the IT systems of an Asia-based cryptocurrency exchange platform.
The attack on this platform has not been reported to the media so far; however, cyber security organization specialists claim that hackers have successfully penetrated the systems, although there is still no record of economic loss.
The exchange was hacked due to a malicious app
The hack took place after one of the stock exchange employees downloaded an app from an apparently legitimate website that claimed to belong to a software development company for cryptocurrency trade. But that site was fake and the app was infected with malware. In Windows, the app downloaded and infected users with Fallchill, a remote access Trojan (RAT) known its links with Lazarus Group.
On this occasion, unlike earlier Lazarus operations, hackers also deployed a malware strain for Mac. This malware was hidden within the Mac version of the same fake cryptocurrency trading software.
Cyber security organization experts mention that both Windows and Mac malware were not visible within the infected app. The Lazarus operators did not integrate the malware directly into the app, but they simply modified their update component to download the malware later.
In addition, the contaminated cryptocurrency trading software was also signed by a valid digital certificate, which allowed it to bypass security scans.
The enigma surrounding this certificate is that it was issued by a company whose existence could not be demonstrated in the direction of the certificate’s data.
For the researchers in charge of the report, the fact that this malware was designed to infect MacOS users in addition to Windows and even created spoofed software company means that attackers see great economic potential for this operation.
Several cyber security organization firms have repeatedly pointed out that, since the beginning of 2017, North Korean hackers have shown great interest in intervening cryptocurrency stock exchanges and other financial institutions, from where they steal funds that are further lead to Asian territory. Last year, several Asian cryptocurrency exchanges suffered security incidents, mainly those established in South Korea.