North Korean hacking group may be behind near-undetectable macOS malware

Lazarus, the infamous North Korean group, may be gearing up to launch another cyber-attack: newly discovered macOS malware bears similarities to previous Lazarus malware.

Thu, 05 Dec 2019, 03:35 am UTC

The infamous North Korean hacking group Lazarus appears to be on the move again, this time targeting macOS. Bleeping Computer reports that the group may be behind the new macOS malware that was found lurking beneath a fake cryptocurrency trading site.

The malware is notoriously difficult to spot, and only five antivirus products flag it. It was found on the website “”, which offers a “smart cryptocurrency arbitrage trading platform.”

Fortunately, researchers found the malware before Lazarus could stage an attack. The first stage of the hack is an executable binary called “unioncryptoupdater,” which contacts a remote server to launch a payload.

A similar pattern

Although the server itself is active, it is not providing the payload, indicating that Lazarus may have been caught before it could fully launch the operation. The lack of a certificate is another indication that Lazarus was caught before the deed. According to security researcher and macOS hacker Patrick Wardle, this procedure bears an uncanny resemblance to Operation AppleJeus, which was attributed to the Lazarus group.

In September, U.S. President Donald Trump imposed a sanction on three North Korean groups that were supposedly responsible for the various attacks launched against multiple countries and crypto exchanges. The overall revenue that the group has apparently collected has reached $2 billion, which has been used to fund North Korea’s weapons and missile programs.

Countries in the east and west have all been targeted. From India and South Korea to Turkey and Mexico, the group’s hacking activities encompass hundreds of territories. Lazarus gained infamy two years ago when it stole the WannaCry ransom worm from the National Security Agency (NSA) and launched it, spreading through 150 countries and shutting down around 300,000 computers. The U.K. health sector took most of the damage, and it’s estimated that the virus cost the industry $112 million, Ars Technica reported.

North Korea contests the accusations

Following Trump’s sanction, North Korea published a statement that refuted the claims. A spokesperson for the ostracized nation called the accusations a “sheer lie.”

“The fabrication of such a sheer lie by the ringleaders of cybercrime and all other crimes is quite an absurd act aimed at re-enacting the same old trick as the Hitler fascist propagandists used to cling to, often saying ‘Tell a lie a hundred times and it will pass as a truth’. Such a fabrication by the hostile forces is nothing but a sort of a nasty game aimed at tarnishing the image of our Republic and finding justification for sanctions and pressure campaign against the DPRK,” the official statement read.

TokenPost

<Copyright © TokenPost. All Rights Reserved. >
