An international hacker group uses a `` fake virtual currency trading application '' to develop an attack that hijacks a Mac
The international hacker group Lazarus Group (HIDDEN COBRA) is suspected of being linked to North Korea and is conducting attacks targeting financial institutions around the world. It turned out that such a Lazarus group was making an attack that hijacked macOS by creating a “fake virtual currency trading app”.
Pass the AppleJeus
North Korea-linked hackers revive cryptocurrency scam to hijack macOS
In October 2019, Patrick Wardle , a Mac- related security expert, announced the attack method targeting the Mac by the Lazarus Group. The attacks revealed this time revealed that the Lazarus Group had made careful preparations, including the establishment of a fictitious company called JMT Trading .
JMT Trading was said to have been a front company with an official website, saying that they developed an open source virtual currency trading app and shared the application source code on the software development platform GitHub . Wardle pointed out in his blog that the source code was actually malware.
Malware installed in the source code of the virtual currency trading application can take over the macOS installed on the Mac when the Mac user downloads the code. Wardle says the malware has given hackers “ability to execute commands remotely” on the victim's Mac.
Mr. Wardle pointed out that this attack targeted virtual currency exchange employees, commenting, `` If you are not a virtual currency exchange employee, you will not have to worry about infection. '' .
In recent years, attacks on virtual currency exchanges by North Korean hackers have become active, and Pyongyang hackers gained foreign currency and virtual currency equivalent to about $ 670 million (about 72 billion yen) by illegal means It is also said that Security company Group-IB estimates that about 65% of the hacking of cryptocurrency exchanges in 2018 was due to North Korea.
North Korea earns money by virtual currency hacking, and the amount of damage is more than 60 billion yen | Forbes JAPAN
The Lazarus Group has been attacking Mac users in a similar way in the past. In 2018, the Russian security company Kaspersky revealed the Lazarus Group's attack method by setting up a fake front company called Celas Limited and distributing Trojan malware.
This malware was also targeted at macOS, and it was charged with an updated version of the virtual currency trading application. This attack can be traced to the case of 2018, and the Lazarus Group seems to have refined the technique of “creating a front company that looks like a legitimate company and secretly spreading malware”.