Apple macOS Under Malware Attack From N.Korean Hackers Posing As Fake Cryptocurrency Companies

Several sites are reporting today that hackers believed to be sponsored by North Korea have discovered an unusual way to attack Apple Macs. The reports are based on research published last Sunday, which revealed that the most recent attack was launched on macOS by the Lazarus Group. This group is considered by numerous cybersecurity companies as well as by the US government to be supported by North Korea.

In a blog post, Apple Mac Security Specialist and Principal Security Researcher at Jamf Patrick Wardle released a blog post last October 12 charting the nature of the malware, as exposed by MalwareHunterTeam (MHT) researchers on October 11. At the time the post was released, the firm claimed that the malware is still undetected by any kind of engines on VirusTotal. Additionally, the sample seems to be closely associated with the strain of macOS malware made by the Lazarus Group and determined by the Kaspersky Lab in the summer of 2018.

Jamf Patrick Wardle revealed the hackers' mode of operation. According to the security specialist, the hackers made a fake company with all the necessary details to make it legit, including an official website. The North Korean hackers also set up a front firm named JMT Trading and made an open-source cryptocurrency trading app and posted it on Github, which is a code-sharing site.

Concealed within the code is a malware that, when downloaded by a target Apple PC, would get the hacker the access and allow him to do anything he wants to do on the computer. Wardle stated in the blog post that these hackers have the ability to execute commands remotely that give a remote attacker extensible and total control over an infected macOS system. Aside from this, the hackers can step up by reaching out to administrators and users of cryptocurrency exchanges, asking them to test and give feedback on their latest app.

Over the years, North Korea has continuously attempted to find a way to get into the coffers of cryptocurrency with a good amount of success. Last August, several reports revealed that it had raked as much as $2 billion by just hacking into a variety of cryptocurrency companies and traditional banks. Some of these funds reportedly go into aiding in the development of state developed weapons of mass destruction.