Bitcoin, Blockchain & Cryptocurrency News

Cryptocurrency Malware by North Korean Hackers Is Targeting MacOS Machines

Kaspersky’s Global Research and Analysis Team (GReAT) has discovered a new type of malware that poses as a legitimate trading app but is capable of wreaking havoc and goes undetected after infecting the host machine.

The perpetrators are believed to be from the Lazarus Group, a hacker collective allegedly backed by the North Korean government and known for vicious attacks that are often financially motivated.

Lazarus Group Malware Targets MacOS

According to GReAT, the new malware was built exclusively for macOS, and it targets cryptocurrency exchanges. Notably, this appears to be the first time the Lazarus Group has designed malware for the macOS ecosystem, which can be read as a sign that the group is now moving to a broader range of target platforms.

GReAT also believes that there is a Linux variant of the macOS malware, dubbed AppleJeus, which would mean the group is building different variants of its malware for different operating systems so that a target's choice of operating system does not stand in the way of reaching it.

The researchers noted that this should be treated as a wake-up call for all non-Windows platforms — be it macOS, Linux, or any other OS.

Malware Comes From a Verified App Publisher

The most worrying aspect about the AppleJeus malware is that it piggybacks on a legit-looking cryptocurrency trading application called Celas Trade Pro. The publisher of the app has a valid digital certificate and seemingly legit domain registration records.

However, on closer investigation, the Kaspersky researchers found that the business address listed on the digital certificate was bogus.

“When you start looking at bits and pieces behind the application, even that starts looking more and more illegitimate,” says principal security researcher at Kaspersky, Kurt Baumgartner.

No doubt, this discovery is troubling, considering that it is almost impossible for a regular user to detect malware when it is delivered through an app with a valid digital certificate.

How Does Operation AppleJeus Infect Targets?

Kaspersky’s GReAT unit spotted the so-called Operation AppleJeus during its investigation of a breach at a cryptocurrency exchange. Upon further analysis, the researchers were able to work out the malware’s modus operandi.

As previously stated, the AppleJeus malware piggybacks on a legit-looking crypto trading app, Celas Trade Pro. Once an unsuspecting user downloads and installs the macOS-only app, it launches a hidden “auto-updater” module in the background.

In a standard app, the auto-updater is designed to find and install newer versions of the app without requiring user interaction. But in the case of Celas Trade Pro, the auto-updater starts collecting information about the host machine soon after it is activated.

It then sends all the information gathered from the now-infected host machine to a command-and-control (C&C) server so the perpetrators can analyze the data. If the hackers decide that the infected computer is worth targeting, they direct the app to install another update, called FallChill, which is a nasty Trojan.

Once installed, the FallChill Trojan gives the attackers practically unlimited remote access to the infected machine, which they can exploit to steal sensitive financial data (or any other data they want).

Published by
Priyeshu Garg
