A brand new macOS malware packaged by a cryptocurrency buying and selling platform has been uncovered by safety researchers. The malware is believed to be the work of infamous North Korean hacking group Lazarus.
Safety researcher Dinesh Devadoss tweeted their discovery of the malware yesterday. An in depth evaluation of the malware can be read here.
— Dinesh_Devadoss (@dineshdina04) December 3, 2019
The malware masquerades as a cryptocurrency arbitrage platform, a service usually used to reap the benefits of value discrepancies throughout different digital asset exchanges.
In response to researchers, the malware is designed to retrieve a payload from a distant server after which run it within the contaminated machine’s reminiscence.
Researchers additionally say that there are some “clear overlaps” with one other malware referred to as AppleJeus distributed by Lazarus.
When you haven’t heard that title earlier than, the place have you ever been? Lazarus are nortorious for launching excessive worth assaults going after cryptocurrency hoards.
Final yr, Exhausting Fork reported that the hacking group had stolen greater than $570 million value of cryptocurrency throughout 5 assaults.
The malicious package deal, named UnionCryptoTrader was hosted on the faux arbitrage platform’s web site.
The malware is programmed to run on every system reboot and accumulate details about the system’s serial quantity and OS model.
It’d sound worrisome, nonetheless, the distant command and management server isn’t responding with a malicious payload. Both one thing is on the way in which, or the hacking group liable for this malware is testing its strategies for future assaults.
As Bleeping Laptop factors out, exectuing a file in reminiscence is a uncommon technique for macOS -based programs and it’s simply beginning to achieve recognition.
Fortunately, this one has been noticed earlier than something too nefarious has occurred. Replace your malware definitions, stat!
H/T – Bleeping Computer
Revealed December 4, 2019 — 13:31 UTC