Lazarus Group, a notorious gang of cybercriminals associated with the North Korean government, has launched a malware campaign that specifically targets crypto exchanges and uses Apple's macOS as its way into users' computer systems. The group appears to have built a crypto trading app that abuses macOS to compromise victims' devices. These findings were unveiled by researchers at Kaspersky Lab, one of the key cybersecurity companies. This is the first time that Apple has found itself in these hackers' crosshairs.
Lazarus is known for a high success rate, having allegedly carried out the infamous WannaCry cyber attacks of 2017 on instructions from the government of North Korea. It is even said to be the mastermind behind some of the largest cybercrimes the world has known, robbing banks of millions of pounds in a single operation.
The investigation revealed that an employee of an Asian exchange had downloaded the malware-laced app, which gives the attackers almost complete access to the victim's system. After receiving a recommendation via email, the exchange worker downloaded the app from a website that looked genuine and carried a legitimate SSL certificate. AppleJeus, as the app is called, shipped with an infected updater that performs reconnaissance on the hackers' behalf. Once the recon work is complete, the hackers can use the updater to push a rogue update, giving them virtually total control of the computer.
Vitaly Kamluk, a researcher at Kaspersky Lab, said that the Lazarus Group has been on the radar of security experts and analysts since the beginning of last year, when a Lazarus operator was found to be responsible for installing Monero mining software on a server. Since then, the infamous gang has allegedly been involved in robbing several crypto exchanges as well as other financial institutions. Kamluk added that the fact that the group took the effort to develop dedicated malware for macOS alongside the usual Windows version, and the great lengths it went to in order to make this a success, indicates that the stakes in this operation are rather high for the hackers. Consequently, these attacks can be expected to continue in the near future, and the threat is far from gone.