The infamous North Korean hacking group Lazarus appears to be on the move again, this time targeting macOS. Bleeping Computer reports that the group may be behind the new macOS malware that was found lurking beneath a fake cryptocurrency trading site.
The malware is notoriously difficult to spot, and only five antivirus products flag it. It was found on the website “unioncrypto.vip,” which offers a “smart cryptocurrency arbitrage trading platform.”
Fortunately, researchers found the malware before Lazarus could stage an attack. The first stage of the hack is an executable binary called “unioncryptoupdater,” which contacts a remote server to launch a payload.
A similar pattern
Although the server itself is active, it’s not providing the said payload, indicating that Lazarus may have been caught before it could fully launch the operation. The lack of a certificate is another indication that Lazarus has been caught before the deed. According to security researcher and macOS hacker Patrick Wardle, this sort of procedure has an uncanny resemblance to Operation AppleJeus, which was attributed to the Lazarus group.
In September, U.S. President Donald Trump imposed a sanction on three North Korean groups that were supposedly responsible for the various attacks launched against multiple countries and crypto exchanges. The overall revenue that the group has apparently collected has reached $2 billion, which has been used to fund North Korea’s weapons and missile programs.
Countries in the east and west have all been targeted. From India and South Korea to Turkey and Mexico, the group’s hacking activities encompass hundreds of territories. Lazarus gained infamy two years ago when it stole and launched the WannaCry ransom worm from the National Security Agency (NSA) that spread through 150 countries and shut down around 300,000 computers. The U.K. health sector took most of the damage and it’s estimated that the virus cost the industry $112 million, Ars Technica reported.
North Korea contests the accusations
Following Trump’s sanction, North Korea published a statement that refuted the claims. A spokesperson for the ostracized nation called the accusations a “sheer lie.”
“The fabrication of such a sheer lie by the ringleaders of cybercrime and all other crimes is quite an absurd act aimed at re-enacting the same old trick as the Hitler fascist propagandists used to cling to, often saying ‘Tell a lie a hundred times and it will pass as a truth’. Such a fabrication by the hostile forces is nothing but a sort of a nasty game aimed at tarnishing the image of our Republic and finding justification for sanctions and pressure campaign against the DPRK,” the official statement read.