August 25, 2018

North Korea’s Lazarus Targets Cryptocurrency Exchanges with ‘AppleJeus’ MacOS Malware

Kaspersky Lab has discovered that the infamous North Korean cybercrime ring Lazarus has been targeting cryptocurrency exchanges, fintech companies and banks under a malware campaign called AppleJeus.

The cyber thieves have attempted to steal cryptocurrency using Trojanized cryptocurrency software, according to Computer Weekly. Kaspersky Lab’s Global Research and Analysis Team reported that Lazarus infiltrated an Asian cryptocurrency exchange. The Kaspersky team discovered a new malware attacking the Mac OS platform, the first time the Lazarus group was found to be using malware to attack Mac OS users.

Mac OS Users Vulnerable

The researchers noted that Mac OS users would not be as prepared as Windows users to address the threat, despite the fact that Windows and Mac OS versions of the malware work in identical fashion.

Copies of the malware are believed to have been downloaded from what appeared to be the website of a company that develops cryptocurrency trading software. The cryptocurrency trading application appeared to be legitimate and did not show signs of malicious activity, the researchers noted.

The researchers could not find a legitimate organization at the address noted on the certificate of the company to which the domain was registered.

The malicious code was delivered through an updater component, the kind that normally exists in legitimate software to download new versions. The updater first gathers information on the host computer; once the attacker determines the machine is worth attacking, the malicious code is sent as a software update. The update then installs Fallchill, a Trojan the group has used previously, which indicates that Lazarus is behind the attack.

Trojan Enables Theft

Once installed, the Trojan provides ample access to the targeted computer, enabling the theft of information.

Vitaly Kamluk, who leads the Kaspersky Lab research team, said Lazarus has shown interest in cryptocurrency since early 2017 and has attempted to target cryptocurrency exchanges in addition to other financial companies.

Lazarus, which is linked to North Korea, apparently sees significant profit in this endeavor, considering that they developed malware to infect Mac OS computers as well as Windows, and have gone as far as to create a phony software product and phony company in order to send the malware without being detected. The group has also attacked banks.

Caution Urged

Kaspersky Lab advises businesses not to trust code running on their systems, since digital certificates, a good company profile and a genuine-looking website cannot assure there are no backdoors. Businesses are also advised to use a strong security solution with technologies for detecting malicious behavior and to subscribe to a good intelligence reporting service.

Businesses are further advised to use hardware wallets and multi-factor authentication when conducting large financial transactions. It is also advisable to use an isolated computer that is not used for reading email or browsing the internet.

