Wednesday, November 25 2020

North Korean hackers may be behind malware distributed by cryptocurrrency trading platform


Blockchain, cryptocurrencies, and insider stories by TNW.

Luckily, it doesn’t really do anything though

A new macOS malware packaged by a cryptocurrency trading platform has been uncovered by security researchers. The malware is believed to be the work of notorious North Korean hacking group Lazarus.

Security researcher Dinesh Devadoss tweeted their discovery of the malware yesterday. A detailed analysis of the malware can be read here.

Another #Lazarus #macOS #trojan
md5: 6588d262529dc372c400bef8478c2eec

Contains code: Loads Mach-O from memory and executes it / Writes to a file and executes it @patrickwardle @thomasareed

— Dinesh_Devadoss (@dineshdina04) December 3, 2019

The malware masquerades as a cryptocurrency arbitrage platform, a service typically used to take advantage of price discrepancies across other digital asset exchanges.

According to researchers, the malware is designed to retrieve a payload from a remote server and run it from memory on the infected machine, rather than first dropping it as a file on disk.

Bleeping Computer reports that the malware goes virtually undetected by the antivirus engines on VirusTotal.

Researchers also say that there are some “clear overlaps” with AppleJeus, earlier Lazarus macOS malware that likewise hid inside a trojanized cryptocurrency trading application.

If you haven’t heard that name before, where have you been? Lazarus is notorious for launching high-value attacks against cryptocurrency holdings.

Last year, Hard Fork reported that the hacking group had stolen more than $570 million worth of cryptocurrency across five attacks.

The malicious package, named UnionCryptoTrader, was hosted on the fake arbitrage platform’s website.

The malware installs itself so that it runs on every system reboot (via a launch daemon, according to the linked analysis) and collects the machine’s serial number and OS version, the kind of host fingerprint a command and control server uses to decide whether a given victim is worth a second stage.
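The persistence described above is the one artifact an incident responder can check for without waiting on antivirus definitions. The script below is an added example written for this page, not code from the article or from the researchers cited; it assumes the trojan persists as a launchd job (the usual way a macOS program is made to run at every reboot) and audits such plists for the shape that behaviour takes: a job that starts at boot, points at a binary outside Apple’s own paths, and optionally matches a known-bad hash (the MD5 from the tweet quoted above). The two sample plists it builds in a temporary directory are constructed for the demonstration.

```python
"""Audit launchd job plists for boot-time persistence pointing at a
non-Apple binary, optionally matching the binary against known-bad hashes.
Added example, not from the article; the sample plists are constructed."""
import hashlib
import os
import plistlib
import tempfile
from pathlib import Path

# MD5 of the UnionCryptoTrader sample from the tweet quoted in the article.
KNOWN_BAD_MD5 = {"6588d262529dc372c400bef8478c2eec"}

# Locations Apple populates itself. A RunAtLoad daemon living elsewhere is
# not automatically malicious (third-party updaters do this too), but it is
# the first thing to triage after a suspected trojaned installer.
APPLE_PATHS = ("/System/", "/usr/libexec/", "/usr/sbin/", "/usr/bin/",
               "/sbin/", "/bin/", "/Library/Apple/")


def md5_of(path):
    """Hex MD5 of a file, read in chunks so large binaries do not blow up memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def program_of(job):
    """The executable launchd will run: Program, else ProgramArguments[0]."""
    if job.get("Program"):
        return job["Program"]
    args = job.get("ProgramArguments") or []
    return args[0] if args else None


def audit_job(plist_path, bad_hashes=KNOWN_BAD_MD5):
    """Return the reasons one launchd plist deserves a closer look ([] if none)."""
    with open(plist_path, "rb") as f:
        job = plistlib.load(f)
    prog = program_of(job)
    if prog is None:
        return ["job declares no program"]
    reasons = []
    if job.get("RunAtLoad") and not prog.startswith(APPLE_PATHS):
        reasons.append(f"starts at boot from a non-Apple path: {prog}")
    if job.get("KeepAlive"):
        reasons.append("KeepAlive set, launchd restarts it if killed")
    if os.path.isfile(prog):
        digest = md5_of(prog)
        if digest in bad_hashes:
            reasons.append(f"binary matches a known-bad MD5: {digest}")
    return reasons


def audit_directory(directory, bad_hashes=KNOWN_BAD_MD5):
    """Map each .plist in a launchd directory to its list of findings."""
    return {p.name: audit_job(p, bad_hashes)
            for p in sorted(Path(directory).glob("*.plist"))}


def demo():
    """Constructed sample: one benign job and one shaped like the trojan's persistence."""
    tmp = Path(tempfile.mkdtemp())
    fake_bin = tmp / "updater"                      # hypothetical dropped binary
    fake_bin.write_bytes(b"#!/bin/sh\necho constructed sample\n")
    with open(tmp / "com.example.benign.plist", "wb") as f:
        plistlib.dump({"Label": "com.example.benign",
                       "Program": "/bin/sh", "RunAtLoad": True}, f)
    with open(tmp / "com.example.suspect.plist", "wb") as f:
        plistlib.dump({"Label": "com.example.suspect",
                       "ProgramArguments": [str(fake_bin)],
                       "RunAtLoad": True, "KeepAlive": True}, f)
    # Treat the constructed binary's hash as "known bad" so the hash match fires too.
    return audit_directory(tmp, bad_hashes={md5_of(fake_bin)})


if __name__ == "__main__":
    for name, reasons in demo().items():
        print(name, "->", reasons or "clean")
    # On a real Mac: audit_directory("/Library/LaunchDaemons") and the
    # per-user ~/Library/LaunchAgents directories.
```

The hash check is the weakest part by design: a recompiled sample defeats it instantly, which is why the path and RunAtLoad heuristics come first and a hit there should be followed by looking at the binary’s code signature and network behaviour rather than its digest.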

It might sound worrisome; however, the remote command and control server isn’t currently responding with a malicious payload. Either something is on the way, or the group behind this malware is testing its techniques for future attacks.

As Bleeping Computer points out, executing a payload straight from memory is still a rare technique on macOS, and it is only just starting to gain popularity.

Luckily, this one has been spotted before anything too nefarious has happened. Update your malware definitions, stat!

H/T – Bleeping Computer

Published December 4, 2019 — 13:31 UTC
