- A new piece of macOS malware disguised as a cryptocurrency exchange platform was discovered by security researchers.
- The malware has ties to its sister malware, commonly known as "AppleJeus", which was also spread by Lazarus.
- The researchers note that loading a payload directly into memory, as this malware does, is a relatively new phenomenon on macOS systems.
Recently, a new piece of macOS malware disguised as a cryptocurrency exchange platform was discovered by security researchers. It is suspected to be the work of Lazarus, which is claimed to be North Korea's prominent hacking group.
The issue came to the attention of the media when one of the security researchers, Dinesh Devadoss, tweeted about the detection.
Lazarus Group is a notorious cybercrime group made up of anonymous hackers. Over time, security researchers have attributed various large-scale cybercrimes to the group, and it is identified as a serious threat by anti-cybercrime entities across the world. This attribution was built on the many attacks made by the group.
The malware used a crypto-exchange platform as a disguise to spread across systems. The choice exploited the advantages such a platform offers, which the attackers used as an effective strategy to execute their malware. Besides, the arbitrage services offered by such platforms are widely used, which gives the lure a ready audience.
Nuances of the attack
The malware works by fetching a payload from a remote server and then running it directly in the memory of the compromised machine.
It is reported that the malware was not detected by services like VirusTotal, a Spanish entity popular for its online scanning services. The researchers added that the malware has ties to its sister malware, commonly known as "AppleJeus", which was also spread by Lazarus.
As mentioned earlier, the Lazarus group is widely known for strong malware attacks behind the veil of fake cryptocurrency platforms. Its previous attacks on various systems demonstrate the group's capabilities.
The group is reported to have looted around $570 million worth of cryptocurrency through just five attacks. The fake crypto platform provided a package named UnionCryptoTrader, which allowed its makers to spread the malware.
The malware collects a system's information, namely its operating system details and serial number. However, it is to be emphasized that the present situation is not alarming, because the remote servers are not responding to the malware. This was ascertained by the researchers, who also offered their view on the likely extent of the present attack in the near future.
The researchers note that loading a payload directly into memory is a relatively new phenomenon on macOS systems, and one that is gradually gaining popularity. However, it is fortunate that the present malware was spotted before it gained access to more important systems.
A caution note
Malware like this can enter any system at any time. It is the individuals responsible for their computers who must keep watch over them.
Anti-cybercrime authorities continuously monitor such malicious groups. However, such threats gain strength only if users permit them; it is users who must restrict such entries.