North Korean Hackers Infiltrate Unnamed Crypto Exchange in First-Ever MacOS Hack

Udgivet den by Cryptoslate | Udgivet den

North Korea's notorious cyber-hacking outfit, "Lazarus Group," has reportedly deployed a MacOS-based malware to infiltrate cryptocurrency exchanges and applications, according to Kaspersky Labs.

Lazarus first made waves in 2009 after launching a worldwide Distributed Denial of Service attack against the South Korean government in 2009.

Vitaly Kamlut, head of Kaspersky's global research and analysis team in the APAC region, revealed the exchange did not face any financial losses, at least to their knowledge.

The researcher also stated that the exchange in question may have successfully eradicated the threat after Kaspersky notified them.

Kaspersky Labs used the pseudonym of "Operation AppleJeus" to discover the nefarious agency behind the hack.

The company was first informed about the fallacy after an employee downloaded a cryptocurrency application from a legitimate-looking website dedicated to crypto trading.

Running on Windows, the program automatically connected to the internet and downloaded "Fallchill," a remote access trojan virus that has been identified as the Lazarus Group's signature attack, at least since its deployment in political campaigns in 2016.

The Windows-targeting Lazarus went a step further for this instance and created a MacOS counterpart for Fallchill, hiding the strain in the Mac version of the crypto trading app.

Such a step avoided the crypto trading app from getting flagged during initial download. Fake Digital Certificate.

While Kaspersky did not reveal the infected exchange's name, the company noted that North Korean attackers have "Shown great interest" in infiltrating fiat and digital finance companies to re-route stolen funds to their country.

x