Lazarus Group Developed First macOS Malware Targeting a Cryptocurrency Exchange
Lazarus Group, the North Korean hackers who hacked Sony Films a few years back, has built its first Mac malware.
In a report, Kaspersky researchers said that Lazarus Group attacked the computer systems of an Asia-based cryptocurrency exchange. The hack of this platform had not previously been reported in the media.
“The company was breached successfully, but we are not knowledgeable of any financial loss,” Vitaly Kamluk, Head of GReAT APAC at Kaspersky Lab, said. “We assume the threat was isolated based on our notification.”
How was the exchange hacked?
The hack began after an exchange employee downloaded an application from a legitimate-looking website that claimed to belong to a company developing cryptocurrency trading software. Kaspersky Lab, which analyzed the hack, gave the operation the codename AppleJeus.
The application was fake and infected the employee’s system with malware: the remote access trojan FallChill, which is known to be a Lazarus Group tool and was first deployed by Lazarus in 2016.
The malware was hidden inside the cryptocurrency trading software. The researchers stated that the malware was not visible in the app itself because the attackers had modified the application’s update component.
Details of trojanized application:
File Size: 15,020,544 bytes
File Type: DMG disk image
Known file name: celastradepro_mac_installer_1.00.00.dmg
Date of creation: 13 July 2018
Secret behind the Software’s Certificate…
The trojanized app was also signed with a valid digital certificate, which allowed it to bypass security scans.
Kaspersky reported that it was not easy to verify the address on the certificate used to sign this app.
Kaspersky’s researchers did not name the exchange that was hacked, but many cryptocurrency exchanges have suffered losses from recent hacks; Bithumb, Yapizon, Youbit and Coinrail are among the recent victims.