North Korea Hacking Group Lazarus Looks To Be Behind Latest Crypto Malware On MacOS
According to malware researcher Dinesh Devadoss, another crypto-related macOS trojan has been discovered.
The researcher suggested that this malware may be linked to the North Korean hacking group known as Lazarus.
Is North Korea Behind A New Crypto Malware?
According to an in-depth analysis of the malware, the Lazarus Group tends to target users and administrators of cryptocurrency exchanges. In general, it distributes this malware through fake cryptocurrency companies and trading applications.
The malware was found on a website called UnionCrypto.vip. The site presented itself as a firm offering cryptocurrency arbitrage solutions for traders; however, it was a fake website created solely to spread the malware.
Surprisingly, only a few antivirus products on the market detect the malware. The Lazarus Group has been refining its approach to stay stealthier while operating.
— Dinesh_Devadoss (@dineshdina04) December 3, 2019
Although the website offered no download links, the researchers noted that the malware could retrieve a payload from a remote server and execute it in memory on users' infected machines.
The malware can also reboot the system and collect information such as the serial number and the OS version of the infected machine. It is worth mentioning that the Lazarus Group could be testing different malware variants that could be reused in future attacks with more advanced malware.
This is not the first time North Korea has been accused of being behind cryptocurrency exchange hacks and malware released on the internet.
According to a recently released report by the United Nations, North Korea could have earned up to $2 billion by hacking financial institutions, cryptocurrency exchanges and other crypto-related companies. Crypto exchanges and their users have repeatedly been affected by attacks, hacks and malware that ended up compromising users' cryptocurrencies and funds.