Copy link
Increase text size
Decrease text size
Link copied

North Korean hacking group may be behind near-undetectable macOS malware

Lazarus, the infamous North Korean group, may be gearing up to launch another cyber-attack after a macOS malware has been discovered that has similarities with previous Lazarus virus.

Image: Pixabay

Thu, 05 Dec 2019, 03:35 am UTC

The infamous North Korean hacking group Lazarus appears to be on the move again, this time targeting macOS. Bleeping Computer reports that the group may be behind the new macOS malware that was found lurking beneath a fake cryptocurrency trading site.

The malware is notoriously difficult to spot and only five antivirus software can flag it down. The virus was found on the website “” and is offering a “smart cryptocurrency arbitrage trading platform.”

Fortunately, researchers found the malware before Lazarus could stage an attack. The first stage of the hack is an executable binary called “unioncryptoupdater,” which contacts a remote server to launch a payload.

A similar pattern

Although the server itself is active, it’s not providing the said payload, indicating that Lazarus may have been caught before it could full launch the operation. The lack of certificate is also another indication that Lazarus has been caught before the deed. According to security researcher and macOS hacker Patrick Wardle, this sort of procedure has an uncanny resemblance to the Operation AppleJesus that was attributed to the Lazarus group.

In September, U.S. President Donald Trump imposed a sanction on three North Korean groups that were supposedly responsible for the various attacks launched against multiple countries and crypto exchanges. The overall revenue that the group has apparently collected has reached $2 billion, which has been used to fund North Korea’s weapons and missile programs.

Countries in the east and west have all been targeted. From India and South Korea to Turkey and Mexico, the group’s hacking activities encompass hundreds of territories. Lazarus gained infamy two years ago when it stole and launched the WannaCry ransom worm from the National Security Agency (NSA) that spread through 150 countries and shut down around 300,000 computers. The U.K. health sector took most of the damage and it’s estimated that the virus cost the industry $112 million, Ars Technica reported.

North Korea contests the accusations

Following Trump’s sanction, North Korea published a statement that refuted the claims. A spokesperson for the ostracized nation called the accusations as “sheer lie.”

“The fabrication of such a sheer lie by the ringleaders of cybercrime and all other crimes is quite an absurd act aimed at re-enacting the same old trick as the Hitler fascist propagandists used to cling to, often saying ‘Tell a lie a hundred times and it will pass as a truth’. Such a fabrication by the hostile forces is nothing but a sort of a nasty game aimed at tarnishing the image of our Republic and finding justification for sanctions and pressure campaign against the DPRK,” the official statement read.

TokenPost | [email protected]

<Copyright © TokenPost. All Rights Reserved. >

To leave a comment, please sign in.
  • Bitcoin (BTC) $11,591.00 (-1.83%)
  • Ethereum (ETH) $380.50 (-3.78%)
  • XRP (XRP) $0.224600 (+0.84%)
  • Bitcoin Cash (BCH) $302.74 (-5.42%)
  • Bitcoin SV (BSV) $229.57 (-3.68%)
  • Bitcoin (BTC) $11,591.00 (-1.83%)
Feb 21, 2020 (Friday)
Paxos launches blockchain-based securities settlement solution with Credit Suisse and Instinet
Brazil to launch new payment system in response to cryptocurrencies
Digital currency exchange Coinbase Pro lists Kyber Network token
Norwegian Air to soon start accepting crypto payments
Swedish central bank begins CBDC pilot with Accenture
Italian soccer team Juventus launches ethereum-based digital collectibles with Sorare
Feb 20, 2020 (Thursday)
Telecom companies complete cross-carrier mobile payments using blockchain
National Stock Exchange of Australia to develop DLT-based digital securities trading platform
South Korean ICO project discontinued, to return $7.5M to token holders
Samsung maintains crypto support in soon-to-launch Galaxy S20
BIS appoints Innovation Hub heads to lead Singapore and Switzerland
Coinbase becomes first crypto company to receive Visa principal membership
Dubai Economy and six banks launch KYC Blockchain Consortium
Crypto Technicals: ETH/USD under downside pressure after 'Bearish Engulfing' pattern
Tim Draper buys $1M worth of Aragon Tokens to create digital courts for DAOs
Renewable energy firm Acciona commits to take CBI’s blockchain-based carbon credits trading platform global
Crypto Technicals: BTC/USD trades below 21-EMA, break below 4H 200 MA (9386) to trigger further downside
Crypto exchange Coinfloor to launch a simplified bitcoin buying service
Indonesia’s customs department joins IBM- Maersk blockchain shipping platform “TradeLens”
Feb 19, 2020 (Wednesday)
Crypto custodian BitGo acquires digital securities startup Harbor
Subscribe to the TokenPost newsletter!
Don't show me this again today.
Back to top
Copyright ⓒ TokenPost. All Rights Reserved.