North Korea-linked hackers revive cryptocurrency rip-off to hijack macOS

Security researchers have reportedly uncovered another attack from a North Korea-linked hacking group. But on closer inspection, it appears to be nothing more than a rehash of the group’s earlier exploits.

According to research published yesterday, the hacking group, Lazarus, is now using fake cryptocurrency trading software, created by a similarly fake front company, Forbes reports.

It appears that the hackers set up a front company called JMT Trading and wrote an accompanying open-source cryptocurrency trading app, the code for which was hosted on GitHub. However, here’s where the originality ends.

Within the code for the JMT Trading software is a piece of malicious code which, according to Mac security expert Patrick Wardle, gives hackers the “ability to remotely execute commands” on a victim’s machine. It gives bad actors full control over the infected macOS system, giving attackers the ability to do anything they want, he added.

On closer inspection, JMT Trading is just a reapplication of Lazarus’ earlier methods, in which it bundles nefarious code with legitimate-looking apps.

Last year, Lazarus set up a fake trading platform and company called Celas, which was detected by security researchers at Kaspersky Labs. Research posted to Securelist, Kaspersky’s media outlet, read:

While investigating a cryptocurrency exchange attacked by Lazarus, we made an unexpected discovery. The victim had been infected with the help of a trojanized cryptocurrency trading application, which had been recommended to the company over email.

You could say that Lazarus has zero creativity, seeing as it’s just recycling its old hacks, but on the other hand, it could be because its scams are working.

Research last year found the North Korea-linked hacking group was the most profitable hacking syndicate in the world.

Published October 14, 2019 — 14:25 UTC

Matthew Beedham
