North Korean hackers infected a cryptocurrency exchange with malware for Windows and macOS for the first time, Russian internet security company Kaspersky Lab announced Thursday, August 23.
In Kaspersky's report, the company reveals that malware – nicknamed "AppleJeus" – entered the systems of an unnamed exchange after an employee downloaded a "contaminated" app. Kaspersky now believes that the app came from a fake developer with fake security certificates, as part of a major operation by the North Korean hacker collective Lazarus Group.
The malware aimed to steal cryptocurrency funds, says Kaspersky, in what marks the latest in a series of both
Kaspersky's report states that, in order to "ensure that the system platform operating system does not constitute an obstacle to the infection of the targets, it seems that the attackers have gone the extra mile and developed malware for other platforms, including for macOS," noting:
"Apparently, a Linux version will appear soon, according to the website. It is probably the first time that we see this group of APTs using malware for macOS."
South Korean exchanges have traditionally been Lazarus's targets, with a wave of complaints surfacing about attacks on platforms like Bithumb, YouBit and Coinlink.
Speaking with Bleeping Computer, Vitaly Kamluk, head of Kaspersky's GReAT APAC team, added:
"The fact that they developed malware to infect macOS users in addition to Windows users and – most likely – even created completely fake software companies and software products to be able to provide this malware without being detected by security solutions, means that they see potentially big profits in the whole operation."
At the beginning of July, a group of security researchers had discovered macOS malware targeting Slack and Discord users who talk about cryptocurrencies, with hackers impersonating "key people" in cryptocurrency chats and sharing "small fragments" that are downloaded and run a malicious binary.