North Korean Hackers Hit Cryptocurrency Exchange With macOS Malware (securityweek.com)
A North Korea-linked hacking group, dubbed Lazarus, deployed malware for macOS in an effort to infiltrate cryptocurrency exchanges. "In one of the attacks, which Kaspersky refers to as Operation AppleJeus, the group tricked an unsuspecting employee to download a trojanized cryptocurrency trading application that covertly downloaded and installed the Fallchill malware," reports SecurityWeek. Their malware was designed to target macOS in addition to Windows, marking the first time Lazarus has been observed using malware for Apple's OS, according to Kaspersky. The malware was reportedly pushed via an update. Slashdot reader asjk writes: The legitimate-looking application is called Celas Trade Pro and comes from Celas Limited. It's an all-in-one style cryptocurrency trading program which installs malicious code via an update. "... [the program] was seen running the Updater.exe module, which would collect system information and send it back to the server in the form of a GIF image," reports SecurityWeek. "Based on the server's response, the updater either keeps quiet or extracts a payload with base64 and decrypts it using RC4 with another hardcoded key to retrieve an executable file."
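The unpacking step the summary describes (server response base64-decoded, then RC4-decrypted with a hardcoded key to yield an executable) as an analyst-side decoder for a captured response. This is an added example, not code from the Kaspersky or SecurityWeek write-ups; the RC4 key, the sample payload and all function names are constructed placeholders.

```python
"""Decoder mirroring the AppleJeus updater's response handling (added illustration).

The updater base64-decodes the server's reply and RC4-decrypts it with a
hardcoded key to obtain a second-stage executable, or stays quiet otherwise.
The key and sample below are constructed placeholders, not campaign values.
"""
import base64
from typing import Tuple

PLACEHOLDER_KEY = b"placeholder-rc4-key"  # constructed; the real key is not on the page


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Symmetric: the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def classify_executable(blob: bytes) -> str:
    """Identify the decrypted payload by magic bytes: PE (Windows) or Mach-O (macOS)."""
    if blob[:2] == b"MZ":
        return "pe"
    if blob[:4] in (b"\xfe\xed\xfa\xce", b"\xfe\xed\xfa\xcf",  # big-endian Mach-O 32/64
                    b"\xce\xfa\xed\xfe", b"\xcf\xfa\xed\xfe",  # little-endian Mach-O 32/64
                    b"\xca\xfe\xba\xbe"):                      # fat/universal binary
        return "macho"
    return "unknown"


def decode_update_response(response: bytes, key: bytes = PLACEHOLDER_KEY) -> Tuple[str, bytes]:
    """Reproduce the updater's unpacking so a captured response can be inspected offline.

    Returns (kind, payload). A reply that is not valid base64, or that does not
    decrypt to a recognisable executable, is reported as 'unknown' (the
    'keep quiet' branch, as opposed to the payload branch).
    """
    try:
        raw = base64.b64decode(response, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "unknown", b""
    payload = rc4(key, raw)
    return classify_executable(payload), payload


def build_sample_response(executable: bytes, key: bytes = PLACEHOLDER_KEY) -> bytes:
    """Construct a reply the way the server side would (only used to exercise the decoder)."""
    return base64.b64encode(rc4(key, executable))


# Constructed sample: a fake 64-bit Mach-O header stands in for the second-stage binary.
SAMPLE_MACHO = b"\xcf\xfa\xed\xfe" + b"\x00" * 28 + b"fake-second-stage"
SAMPLE_RESPONSE = build_sample_response(SAMPLE_MACHO)

if __name__ == "__main__":
    kind, payload = decode_update_response(SAMPLE_RESPONSE)
    print(kind, len(payload))
```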
We need to turn North Korea into a sheet of trinitite with carbon residue where people were standing when the liberation happened.
It seems that even in the most communist of countries the allure of shiny iThings is too great.
If only they were running the Windows 95 app instead of Mac OS the virus wouldn't have worked.
"That's the way to do it" - Punch
Anyone know how (or if) this malware makes it past the Gatekeeper? (i.e. does it have a valid package and application signature, or does it rely on the user to opt-out of Gatekeeper's validity check, or does it have some other trick it uses?)
I don't care if it's 90,000 hectares. That lake was not my doing.
"sends the victim's information to a webserver using HTTP and the following URL" FROM https://securelist.com/operati...
(1st 2 links (celasllc ones) = distribution URLs for it & also where it sends your information - the other IP addresses listed in the article are effectively not needed since you can't draw it into your system in the 1st place BUT you can put those into firewall rules tables also IF you wish (to be safest))
APK
P.S.=> See list above for hosts file level blocking of its information transferral - effectively NULLIFYING its purpose... apk
But MacOS is unix! How could this happen to unix??
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
APK Hosts File Engine 2.0++ 64-bit for Linux & BSD h t t p : / / a p k . i t - m a t e . c o . u k / A P K H o s t s F i l e E n g i n e F o r L i n u x . z i p
Yields more security/speed/reliability/anonymity vs. any 1 solution (99% of threats use hostnames vs. IP address most firewalls use) more efficiently/FASTER + NATIVELY 4 less!
Vs. "Bolt on 'MoAr' illogic-logic" slowing you hosts speed u up 2 ways: Adblocks + Hardcode fav. sites u spend most time @ vs. competition loaded w/ security bugs (DNS/AntiVir) + overheads slowing u (messagepass 'souled-out' to advertisers easily detected & blocked addons + firewall filtering drivers) & their complexity leads to exploitation!
* ONLY 1 of its kind in GUI 4 Linux/BSD
(Better vs. Windows model in speed/efficiency/merge)
APK
P.S.=> Protects vs. script trackers/ads/DNS request tracking + redirect poisoned or downed DNS/botnets/malware downloads/malcript/email malicious payloads... apk
I don't care what computers in what country some fucker is bouncing this off of. It was not made by North Korea, they don't have the people nor the expertise, period.
And in any case, accusing China, Russia, North Korea or whoever of lowering themselves to petty theft makes no sense. Leave these sort of bullshit accusations to the biggest bullshit-regurgitator on the planet: United States.
Your software is just fine - well written, functional... I'm going to continue using the Host File Engine by mmell February 17, 2017
Your premise that hostfiles are a good way to deal with advertising and malvertising is quite valid - by JazzLad April 20, 2016
his hosts program is actually pretty good by xenotransplant August 10 2015
his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg September 25 2015
I like your host file system by Karmashock September 09 2015
that APK guy, I use his host file by rogoshen1 Tuesday March 03, 2015
I personally use a HOSTS file blocker produced from a genius called APK by 110010001000 October 27 2017
* Linux model = faster/more efficient
APK
P.S.=> APK Hosts File Engine 9.0++ SR-1 32/64-bit for Windows https://www.google.com/search?...
APK continually lies, never trust his advice.
Like how he claims the Chinese copied him but can't produce any evidence.
How about when he states that hosts does port filtering but again can't back up his statement, which was shown to be false.
There is also his list of "experts" who support him but it turns out they don't say what he is claiming.
This also ignores his out of context quotes he uses to lie by omission.
The problem with APK is that his entire reputation is built upon the lie he told years ago that hosts is an effective security solution. It has been exposed numerous times as being a lie and when exposed APK fails to argue logically and instead will try to deflect criticism, change the subject, move the goal posts, return to a previously disproven statement, demand you prove you did better than his file concatenator, or just call people names. He will continue to lie by stating that he won or "dusted" you while failing to refute anything you said, will never provide real evidence, and generally try to dodge the issue.
Face it, APK is one of the most detested individuals here for good reason. Whenever his poor behavior, awful logic, overstatements, and horrendous writing are called out he has a fit and has done so for years across the internet. He is a spammer, and is an abusive insecure little man who is washed up and never amounted to anything. Until he produces actual verifiable facts supporting his case nothing he says should be taken seriously.
Who did it 1st: China or me? I did - dates are my proof http://theregister.co.uk/2017/... w/ the FACT China rampantly STEALS U.S. Intellectual properties & military secrets!
* See subject: NOBODY TRUSTS YOU as you STALK ME by UNIDENTIFIABLE anonymous - real "trustworthy" you are, lol (not)!
When you've done BETTER than I have in a ware that protects & speeds folks up online?
THEN, they might (you never will though & you KNOW it JEALOUS "Lil' Jowie").
Arstechnica = losers who stalked me (as you do now anonymously unidentifiably) to NTCompatible.com & Windows IT Pro magazine forums to their public dismay in Jeremy Reimer & Jay Little + Jarrett DeAngelis (who posts here on /. until I drove his ass off too) when their websites were REMOVED by their hosting providers in Shaw Canada & CrystalTech (for both email harassing me caught on a tracking ticket + stalking me & posting lies about me on them AFTER I destroyed them both PUBLICLY @ Windows IT Pro on Exchange Servers memory being freed UNHALTING them (which tells you Exchange is HEAVILY POINTER ORIENTED linked list driven, which leads to memory fragmentation that CAN halt a serverware)).
Jay Little the "self-proclaimed 'EXCHANGE EXPERT'" HAD TO CONCEDE IT from MICROSOFT'S OWN DOCUMENTATION proving it FOR me there (where they as usual stalked me AS YOU ARE NOW)
Thor SCHMUCK?
Ask him WHY his false accusation of an old ware of mine was 1st taken down to NO threat & CA sold off the SHITTY antivir he sold (as a paid pawn of theirs) & they are GONE, done. dead... lol!
Look up "CA Accounting Scandal" on Google - scumbags & THEIR BIRDS OF A FEATHER just go down vs. me every time!
APK
P.S.=> TONS of Security experts KNOW blacklists work (no questions asked) & 3 things show I do it right:
1st = User praise my hosts engine https://tech.slashdot.org/comm... (so much for ME being "detested" but I'm not here to win a popularity contest - just here to WIN so everyone does).
2nd "ATTACKS" I GET (from UNIDENTIFIABLE ac as Elon Musk got https://tech.slashdot.org/stor... )
3rd BEING IMITATED = "Imitation = sincerest form of flattery" https://linux.slashdot.org/com... JUST LIKE CHINA DID ME TOO... apk
what the fuck? you are unhinged and need some meds, dude. Maybe take that dragon dildo out of your ass and see a doctor
See subject & answer: 1.) Do hosts stop threats served by hostname (the way threats are done most) by blocking them? Yes. 2.) Do hosts speed you up 2 ways in adblocking (preventing more infection/tracking/slowdown) & via hardcoded favorite sites resolving faster + protecting vs. dns down or redirect poisoned? Yes.
My hosts program's the only 1 that does the latter @ TOP of hosts cached in RAM (for best performance) & only 1 of its kind on Linux/BSD in easy to use flexible configuration GUI form.
(I also did that latter part LONG before the Chinese & 1st http://theregister.co.uk/2017/... )
APK
P.S.-> Have you done work that is that effective doing far more for far less faster in kernelmode speed (cpu priority) w/ less complexity with excess overheads & for exploit vs. solutions KNOWN to be security-issue riddled (like addons (souled-out to NOT work by default OR easily detected & blocked that are BYPASSABLE & EXPLOITABLE), DNS & Antivirus)? No... apk
I see my post you replied to crushed you - Excellent! Now answer 2 simple questions that FURTHER destroy you https://it.slashdot.org/commen... rather easily, troll...
* LOL!
APK
P.S.=> Man, I just GOTTA say it (per tradition while I totally SQUASH puny trolls on /., lmao): THIS? This was just "too, Too, TOO EASY - just '2ez'" as it always is... apk
I'm confused, i was told that you will never, ever catch a virus on an apple.
https://www.youtube.com/watch?...
This Space Intentionally Left Blank
Why are we reading anything originating from a KGB-controlled source again?
In Soviet Washington the swamp drains you.
A sort of hipster convergence!
Once again, APK pretends to be someone else to defend himself and attack his critics.
Let's be honest: you are APK.
When you do this, it reduces your credibility. It is inherently dishonest, which reflects poorly on your character.
Your post about your hosts file software is completely off-topic. It's spam. You are a spammer.
Why are you so arrogant that you believe you should be able to post off-topic spam with impunity? Why do you believe you should be able to report your spam repeatedly in response to your spam correctly being modded down?
No doubt you'll repeat some crap about being world class. But you're not world class. You're a spammer who wrote a program to sort other people's work and remove duplicate lines.
Hackintosh and Apple can use this to get laws to ban them, which just ends up making end users drop Mac or be stuck with Apple's crap that overheats all the time.
All of this is off-topic and you know it.
This is a story about MacOS malware. You're spamming about software for Linux and Windows. That makes your posts off-topic and deserving of being modded down.
Moreover, you've spammed for weeks that you were imminently going to release a MacOS version of your hosts file software. It's still nowhere to be seen.
So, where is it? Back up your words or STFU.
Says Mr. "credible" (not) himself who UNIDENTIFIABLE anonymous STALKS Apk + ran from 2 simple questions https://it.slashdot.org/commen...
See my subject & it's only a matter of me sending the source to someone I know that has a Mac to recompile it for it!
(He's a busy guy though & I am waiting for him to call me back to do the FreePascal recompile of it for MacOS X (should go well - the Linux Binary Compatibility of FreeBSD (root of MacOS X iirc) helped)).
APK
P.S.=> I see you RAN from answering 2 simple questions I put to you too https://it.slashdot.org/commen... (lol, no surprise, as they SHUT YOUR MOUTH easily)... apk
The only thing that matters is which exchange got hacked, you jackasses! So which?!?!
NO OS can be made immune to TROJANS.
Period.
OS X/macOS: Almost 20 years and STILL no real viruses.
I am APK the great "LORD of HOSTS", a.k.a. AlecStaar from ArsTechnica or Alexander Peter Kowalski.
See subject & APK Hosts File Engine 2.0++ 64-bit for Linux h t t p : / / I . a m . a . f u c k i n g / a s s h o l e . r e t a r d . z i p (remove spaces between characters & download).
I am the godlike creator of various GUI front-ends for other people's configuration files.
When presented with facts I rebut them with wild speculations, false support, and out of context quotes
All of my accomplishments revolve around me being proven to be an annoying spamming asshole
See me be proud of my inability to be a functional adult
I think only one person responds to me as I shitpost and that I dusted them on another site, but in reality I am widely hated but just can't admit it to myself.
Mistaking mockery and parody for impersonation is how I think people flatter me because I can't possibly understand that they detest me.
Don't call me out on anything unless you are willing to prove you too can write some strings to a file programmatically
Calling people ne'er-do-wells or Jealous JOWIEs is how I think I win every argument
I just don't understand why every site I post on everyone makes fun of me, it can't be because I am a shit stick but instead because they are all Ne'er-do-well SOYboy Jealous JOWIEs.
Witness my descent into madness
APK
OS X/macOS: Almost 20 years and STILL no real value in the real world.
Just give it up apple; at this point its a joke.
Maybe just start saying macOS was a HOBBY for apple.
Incidental gain of oil.
Requiem for the American Dream
Umm, that's not humane. Plus it might damage any oil/mineral reserves.
See subject: As you IMPERSONATE me proving you WISH you were me though, lol - poor imitation though but sincerest form of flattery!
Despite YOU trying to "put me down" while impersonating me & in your other posts STALKING me (where I destroyed you w/ ease mind you)? Well - when YOU have done BETTER in software than I have? THEN, you can TALK talker.
(Otherwise you're just JEALOUS "Lil' Jowie" doing your usual BLOWHARD hotair talking out your ASS!)
APK
P.S.=> The only "mockery" here is you w/ your OBSESSIVE stalking or impersonating me - you're the one descending into madness (can't blame you since I blow you away constantly, I can see you getting a "wee bit 'FruStRaTeD'" (w/ your constant FAILS vs. me, lol))... apk
APK isn't enough of a man to directly address the issues raised, so he pretends to not be APK. In fact, APK would probably have to refer to himself as a soyboy weasel.
If you actually were strong, you could accept criticism, reflect on it, and become a better person. Instead, your narcissistic personality disorder prevents you from accepting any criticism. You've been making an ass of yourself online for two decades now. Your NPD prevents you from actually becoming stronger. Seek help. You need it.
APK has a long history of vile anti-semitic posts dating back to even his time on ArsTechnica as AlecStaar. This includes spamming the same anti-semitic spam post over 25 times in one story and wishing for his critics to burn in the Nazi ovens.
APK is a Nazi. And his hosts file software is a slow ass piece of shit.
You were modded down for a good reason. Stop reposting your idiotic spam.
How's your ex-marine butt buddy doing? We all know that you can't afford to pay your own expenses so you need a live-in butt buddy to cover the costs.
You're wrong that I'm a Nazi, & my father + his entire family were imprisoned & made slaves of in Nazi Labor Camps in WW II, stupid.
* What have I said here that is "antisemitic"?
APK
P.S.=> Could it be JEW ADVERTISERS don't LIKE I am winning vs. their bullshit since they own all the news agencies thru NEWSCORP (fake news) via rothchild BY CUTTING THEIR ADS OUT that infect/track/slow us? Is THAT why you said what you did?? Answer that... apk
Newsflash: You can't CENSOR me - accept it: I override downmod wannabe weapon of the censor & repost running you DRY of abused 'downmodpoints'.
* I DEFY YOUR STUPID ASS...
APK
P.S.=> ... & I do so w/ IMPUNITY to make you look like the effete FOOL you are, lol - easily... apk
You projected you're not man enough to answer 2 simple questions I asked you & you RAN "Forrest" https://it.slashdot.org/commen...
* RoTfLmAo...
APK
P.S.=> ... & you KNOW it (now, everyone else does too - thanks)... apk
This works on MacOS X as it's easy to manually enter for users of it w/ rights to hosts https://it.slashdot.org/commen... just as I do it on Linux vs. MAC/DAC & in Windows too vs. WFP/SFP to edit hosts!
* VERY tiny amount of entries to do to be SAFE vs. this threat & MANY OTHERS this month alone e.g. https://it.slashdot.org/commen... + https://it.slashdot.org/commen... + https://it.slashdot.org/commen... & that's only recently while I've been on Linux AGAIN (a month++ now only) & 100's of times vs. MANY other botnets/malwares etc. in the past circa 2006-early 2018 while I was on Windows
PLUS, like I said - a PURE MacOS X version of my program?
Only a compile away once the guy I know w/ a Mac frees up time to load FreePascal 3.04 & Lazarus 1.8.2 IDE for it to make it so (not long now I imagine)!
APK
P.S.=> Lastly as to OFF TOPIC? Speak for yourself & GET ON TOPIC chump... apk
If YOU were strong you'd stand behind your words vs. UNIDENTIFIABLE anonymous STALKING me you do w/ 'Cry of the "ne'er-do-well' NPD bs!
What INFERIOR losers like you ALWAYS have to resort to since you know you'll NEVER achieve anything of any worth to others!
(... but I do TONS vs. "your kind" e.g. 30 reviews by registered /.ers on quality/efficacy of Win32/64 model (Linux one's faster too) https://tech.slashdot.org/comments.pl?sid=12478398&cid=57130680/ https://tech.slashdot.org/comments.pl?sid=12478398&cid=57137806/ https://tech.slashdot.org/comments.pl?sid=12478398&cid=57137868/ https://tech.slashdot.org/comments.pl?sid=12478398&cid=57137916/ https://tech.slashdot.org/comments.pl?sid=12478398&cid=57137944/
APK
P.S.=> Keep HIDING from me - it's OBVIOUS you FEAR me & can't stand behind your bs... apk
Mow them down with machine guns on helicopters?
This is why people think you're crazy, APK.
BS - hosts specifics stop threats IF served by hostname (99% of threats are) MINUS false positives HELL wildcards cause.
Hosts are FASTER than FAULTY w/ large hosts files usermode slower dnscache service (in Windows) by FAR due to KERNELMODE faster/more cpu priority given diskcaching subsystem in use for caching them.
(Hosts blocking ads ALONE assures more speed than a dnscache does also LET ALONE avoiding remote DNS (or even local over LAN) lookup delay + usermode slow faulty caches)
* YOU LOSE AGAIN, lmao... & you're following me around "looking for weakness" from me & FINDING none here (I love it, lol).
APK
P.S.=> THIS? This was just "too, Too, TOO EASY - just '2ez'" as I'm obviously dealing w/ a NOOB in yourself FAILING vs. me as always, lol - thanks for making ME look GOOD & yourself? Well (not so good)... apk
Apparently they can't THINK then & the proof's ME shooting down UNIDENTIFIABLE anonymous troll worm again https://it.slashdot.org/commen...
* NO QUESTIONS ASKED, lol - Easily, as always vs. "wannabes" & "ne'er-do-wells" that don't possess the brainpower or knowledge to even TRY 'think', lmao!
APK
P.S.=> Let me tell you 1 thing: It's NOT easy being "World-Class" (like me)... apk
> OS X/macOS: Almost 20 years and STILL no real viruses.
Well, at least in your febrile mind.
Maybe you should seek medical attention.
LMAO - maybe when you consider how EASILY I am killing the PUNY little anonymous PENIS stalking me https://it.slashdot.org/commen...
* :)
(Yes, folks - it's NOT EASY being the "idol of millions" & "World-Class" (like ME, lol)).
APK
P.S.=> I have my "full-time hero" image to keep up & all that (best part is, these anonymous FOOLS help me do it by constantly LOSING/FAILING vs. me, making ME look GREAT & themselves? Well... lol, "not too great")... apk
FAR better than you are after I SCORCHED YOU w/ EASE due to your "noobiness" stupid https://it.slashdot.org/comments.pl?sid=12520872&cid=57190276/
* "RoTfLmAo", bigtime...
How F'ing STUPID are you to even TRY "take me on" anyway? You always FAIL vs. me...
( ... then again, it's WHY you HIDE behind UNIDENTIFIABLE anonymous as you try "probe for weakness" in my tech know-how w/ You STALKING me for YEARS now only to find NONE here, lol...)
APK
P.S.=> Having a roommate is extra money is all - I can get by minus them but they're also good company too (& neither of us are homosexuals which I'm sure disappoints you seeing as you're looking for a 'date', lol)... apk
Hackintosh and Apple can use this to get laws to ban them, which just ends up making end users drop Mac or be stuck with Apple's crap that overheats all the time.
When will you end this Markov Chain bot experiment?
They have a ton of low end air defenses against that. Perhaps a world record per square kilometer.
Namecheap is a domain registrar and not even their nameservers. Your approach to security is to panic and block everything legit instead of the actual problem. You are an idiot and clueless. You take credit for other people's curated block lists and your closed source malware just formats them like any regex script can do, but you act like you wrote the fucking holy grail of software.
I don't know what the fuck a "jowie" is, it's another stupid fucking thing you keep saying over and over.