North Korean macOS Malware Detected on Crypto Platform
Security researchers have encountered a new cryptocurrency-focused macOS malware, believed to be the work of the North Korean hacking group known as Lazarus.
As reported by Bleeping Computer on Dec. 4, the malware is capable of retrieving payloads from remote locations and running them in memory, which is very uncommon for macOS. Because the payload never touches disk, this technique makes the malware hard to detect and makes forensic analysis extremely difficult. When the researchers checked the sample on the malware and virus scanning site VirusTotal, initially only 4 antivirus engines flagged it as malicious; that number had risen only slightly, to 5, at the time of publication.
Lazarus Strikes Again
Researcher Dinesh Devadoss first encountered the malicious software on a website, unioncrypto.vip, that advertised a trading platform for “smart cryptocurrency arbitrage”. The suspicious website did not cite any download links, but hosted a malware package under the name “UnionCryptoTrader.”
Security researcher and macOS hacker Patrick Wardle analyzed the malware found by Devadoss and determined that "there are some clear overlaps" with another malware implant that has also been attributed to Lazarus and found by Malware Hunter Team less than two months ago. At the time, the researchers detected that Lazarus had created another malware targeting Apple Macs that masquerades behind a fake cryptocurrency firm.