North Korean macOS Malware Detected on Crypto Platform
North Korean hackers known as the Lazarus group are believed to be behind the malicious piece of macOS malware that is capable of removing payloads from crypto-sites and running them as memory. The malware was barely detected by security researchers who claim this is the second attack in as many months by Lazarus.
Security researchers have encountered a new cryptocurrency-focused macOS malware, believed to be the work of a North Korean group of hackers known as Lazarus.
As reported by Bleeping Computer on Dec.4, the malicious malware is capable of retrieving payloads from remote locations and running them in memory, which is very uncommon for macOS. This feature makes it difficult to detect the malware and makes forensic analysis extremely difficult. Analyzing the software through malware and virus detection site—VirusTotal, the researchers reported that initially, only 4 antivirus engines flagged it as malicious, this number improved meekly to 5 at the time of publication.
Lazarus Strike Again
Researcher Dinesh Devadoss, first encountered the malicious software on a website called—unioncrypto.vip—that advertised a trading platform for “smart cryptocurrency arbitrage”. The suspicious website did not cite any download links, but hosted a malware package under the name “UnionCryptoTrader.”
Security researcher and macOS hacker Patrick Wardle analyzed the malware found by Devadoss and determined that "there are some clear overlaps" with another malware implant that has also been attributed to Lazarus and found by Malware Hunter Team less than two months ago. At the time, the researchers detected that Lazarus had created another malware targeting Apple Macs that masquerades behind a fake cryptocurrency firm.
North Korean Headlines
North Korea has been making headlines in the blockchain and crypto news recently as, Ethereum research scientist, Virgil Griffith was arrested in Los Angeles last week and charged for allegedly aiding in the circumvention of U.S. Sanctions that have been placed on North Korea. Griffith gave a presentation in North Korea on blockchain and cryptocurrency, although his supporters have argued that all the information discussed is open information that can be accessed by anyone. Griffith was released from jail on bond and is awaiting trial.
The Ethereum community has expressed its strong support for Griffith and its co-founder, Vitalik Buterin has publicly declared that he will do everything possible to clear Griffith’s name and has been sharing a petition to free the blockchain developer.
Image via Shutterstock
Image source: Shutterstock
