On August 23, Kaspersky Lab reported that North Korean hackers had infected a crypto exchange with malicious software designed for both Windows and macOS, Cointelegraph writes.
In the report, this malicious program is called “AppleJeus”. It penetrated the systems of an unnamed crypto exchange after one of its employees uploaded the “infected” application. Experts believe that it used fake security certificates and that the North Korean hacking team Lazarus Group is behind the whole operation.
According to Kaspersky Lab, the AppleJeus program is designed to steal cryptocurrency and is another of North Korea's many attempts, some successful and some less so, to hack crypto exchanges.
The report also says that “intruders have spared no time and developed malicious programs for other platforms, including macOS – so that the operating system does not become an obstacle to infecting targets. In the near future, according to their website, there should be a version for Linux. This is probably the first time, in our minds, that this group has used malicious software for macOS.”
South Korean exchanges have been Lazarus targets more than once: according to a report by the American company Recorded Future, which also works in cybersecurity, the group earlier made several attempts to attack the platforms Bithumb, YouBit and Coinlink.
“The fact that they developed a program that infects not only Windows users but also users of macOS, and – most likely – even created an entire fake software company and a fake software product to deliver their malware through security means that they expect to earn very well on this operation,” Vitaly Kamluk, director of the global research and analysis team at Kaspersky Lab, told Bleeping Computer.
In early July, a group of cybersecurity researchers discovered a malicious program for macOS aimed at Slack and Discord users discussing cryptocurrency. The hackers posed as “key people” in these chats and then shared small “code snippets” that were in fact malicious programs. A user who gave in to an attacker’s request to download and run this code could lose their cryptocurrency.