New Mac Crypto Exchange Trojan Unleashed by The Lazarus Hacking Group

A well-known North Korean hacking entity calling itself Lazarus Group has continued its activity after hacking Sony Films several years ago, and it has now unleashed its newest creation: a Lazarus Trojan for Mac OS machines.

Kaspersky researchers have just gone public about the Lazarus Group infecting the IT machines of a cryptocurrency platform located in Asia. The group went as far as to create a Trojanized app and upload it to a website that is very well masked to resemble a legitimate one. The app itself contained embedded Trojan code, which infected users back in 2016. At that time, the app was known as Fallchill and was classified as a Remote Access Trojan, or RAT for short.




The Hacking Group Now Turns to Mac Users

Now, the latest reports have uncovered new information about Lazarus's activity. This time, the hacking group has developed and unleashed malware hidden in the same app in which the Fallchill malware was detected back in 2016, the difference being that the app is now for Mac devices. Rather than uploading a modified version of the app to fake websites, the group pushed a malicious update via an exploit in the application itself. By doing so, the hackers were able to successfully download the malware sometime later.

The Lazarus Trojan May Be Oriented Towards CryptoExchanges

The Trojanized trading app, which Kaspersky does not want to disclose at the moment, reportedly had a valid certificate which, according to experts, gave it an open door through most security checks on Mac devices. But the biggest mystery revolving around this certificate, according to experts, is that its sole origin is a company that is virtually a ghost, as researchers struggled to find where it is based and whether it even exists.

In addition, other cyber-security companies have reported that other malware groups from North Korea are also oriented towards crypto-exchanges and other financial organizations, and that the malware was always of a type that aims to obtain funds, which are likely headed to, you guessed it, North Korea.


But the story about malware and crypto exchanges gets even more interesting, as exchanges are likely becoming the next mainstream target of cyber-crooks. In 2017 alone, the following exchanges from South Korea became malware victims:

  • Yapizon.
  • YouBit.
  • Bithumb.
  • Coinrail.




Researchers also point out that a hacking group of the magnitude of Lazarus has developed its RAT to work on Mac machines as well as Windows, suggesting that there are more attacks to come, as it may mean that the hackers expect great rewards from such organization-oriented campaigns.

Ventsislav Krastev
