


North Korean Hackers Suspected of Creating Mac-Based Malware

Mac users beware. North Korean hackers appear to be developing malware that can infect your computer.

Security firm Kaspersky Lab uncovered the macOS-based malware while investigating a hack at an unnamed cryptocurrency exchange in Asia. The infection was sourced back to an email that convinced a company employee to download a third-party app for trading virtual currencies.

Unfortunately, the app was a Trojan in disguise. According to Kaspersky, it contained a malware strain known as Fallchill, which has been linked to a notorious North Korean hacking group called Lazarus. Once infected, Fallchill can secretly take over your computer to steal data or install other malicious code.

Celas Trading App

The app came from a US-based company called Celas, which specializes in secure "blockchain solutions" for the enterprise market. When you install it, the program doesn't do anything harmful. However, Kaspersky Lab noticed that it can update itself and deliver the Fallchill malware to your computer.

"(The updater) acts like a reconnaissance module: first, it collects basic data about the computer it has been installed on, and then it sends this information back to the command and control server," Kaspersky Lab said. "If the attackers decide that the computer is worth attacking, the malicious code comes back in the form of a software update."

Celas Product Downloads

The Trojan that struck the cryptocurrency exchange was installed on a PC. But during its investigation, Kaspersky noticed that the hackers had developed a Windows and Mac version of the app, both of which contained the hidden auto-updater.

"This is the first case where Kaspersky Lab researchers have observed the notorious Lazarus group distributing malware that targets macOS users, and it represents a wakeup call for everyone who uses this OS for cryptocurrency-related activity," the security firm said.

As for Celas, Kaspersky suspects it's a fake company created by the North Koreans. The person who registered the Celas website domain paid for it using Bitcoin, and used a ramen store in Chicago as its physical address. The Celas site is currently down, and it did not immediately respond to a request for comment.

In recent months, several hacking attempts on cryptocurrency exchanges and banks have been blamed on the Lazarus group. One tactic involved trying to trick Bitcoin experts into installing malware through phishing emails that pretend to offer job positions. To protect yourself, don't download apps from little-known vendors.

"Do not automatically trust the code running on your systems," Kaspersky Lab said. "Neither good looking website, nor solid company profile nor the digital certificates guarantee the absence of backdoors. Trust has to be earned and proven."

Source: https://sea.pcmag.com/news/29023/north-korean-hackers-suspected-of-creating-mac-based-malware

Posted by: marshalltince1960.blogspot.com
