Home News Lazarus Group Using Fake Site to Hack MacOS

Lazarus Group Using Fake Site to Hack MacOS

Apple Notarization, operational technology

Security researchers recently disclosed another potential attack from the North Korea-linked hacking group named Lazarus. It’s said the recent attack is a rework of the hacking group’s previous exploits.

According to Apple Mac security specialist Patrick Wardle, the hacking group is using fake cryptocurrency trading software to break into MacOS systems.

Wardle said the hackers created a fake company JMT Trading with an official-looking website and wrote an open-source cryptocurrency trading code, which was hosted on GitHub.

Hackers inserted a piece of malicious code in the open-source code that gives access to remotely execute commands on the victim’s device. The malicious code enables attackers to get control over the infected MacOS system, according to Patrick Wardle.

“While investigating a cryptocurrency exchange attacked by Lazarus, we made an unexpected discovery. The victim had been infected with the help of a Trojanized cryptocurrency trading application,” the researcher said in a statement.

Lazarus Group is repeatedly trying to find a way into cryptocurrency funds. In 2018, Kaspersky Lab uncovered AppleJeus, a malicious operation by Lazarus group to intrude on cryptocurrency exchanges and applications.

According to an official report, Kaspersky Lab’s Global Research and Analysis Team (GReAT) discovered the unusual activity of attackers who penetrated into the network of an Asia-based cryptocurrency exchange using Trojanized trading software to steal cryptocurrencies. Vitaly Kamlut, the head of GReAT, stated that the cryptocurrency exchange did not encounter any financial losses during the incident.

Kaspersky stated the incident occurred after an employee downloaded a cryptocurrency application from a look-a-like website of a company that is dedicated to crypto trading. The malicious update installs a Trojan known as Fallchill that provides the hackers unlimited access to the compromised computer network system, allowing them to steal sensitive information or to deploy other viruses for exploitation.