Security analysts have allegedly unearthed another attack from the notorious North Korean hacking group known as Lazarus. The new malware is disguised as a fake cryptocurrency trading platform and targets macOS users, The Next Web reports.
In a blog post, Jamf's Patrick Wardle, an Apple Mac security researcher, outlined the nature of the malware, indicating that it looks more like a rehash of the group's previous exploits.
As per the blog post, the hackers have created a front company known as JMT Trading as well as an accompanying open-source crypto trading platform. The trading app was hosted on GitHub, and that's where its originality comes to an end.
Wardle indicated that there is suspicious code within the JMT Trading software that allows the hackers to remotely execute commands on any device that has installed the app. The code gives attackers full control of an infected macOS system, giving them the ability to do as they want with the device, Wardle explained.
A closer examination of the JMT Trading code revealed that it was a reapplication of Lazarus's past strategy of combining malicious code with genuine-looking apps.
This is not the first time that Lazarus has tried this trick: last year it set up a fake trading app known as Celas that was later discovered by security analysts at Kaspersky Labs. At the time, Kaspersky noted that the malicious crypto trading app was being recommended to unsuspecting victims via email.
After the discovery, Wardle explained that the new malware could be targeting crypto exchange staff rather than daily retail investors.
While one can argue that Lazarus is short on creativity, seeing that it is repeating the same tricks to rob individuals, the repetition could instead be explained by the fact that its tricks are working well.
Research published last year claimed that the North Korea-based hacking syndicate was the most profitable in the world and is working tirelessly to perfect its tactics. In the past, North Korea has been called out by security officials for using cybercriminals to steal cryptocurrency to fund Kim Jong-Un's government.