Slashdot Mirror
North Korean Hackers Hit Cryptocurrency Exchange With macOS Malware (securityweek.com)
A North Korea-linked hacking group, dubbed Lazarus, deployed malware for macOS in an effort to infiltrate cryptocurrency exchanges. "In one of the attacks, which Kaspersky refers to as Operation AppleJeus, the group tricked an unsuspecting employee to download a trojanized cryptocurrency trading application that covertly downloaded and installed the Fallchill malware," reports SecurityWeek. Their malware was designed to target macOS in addition to Windows, marking the first time Lazarus has been observed using malware for Apple's OS, according to Kaspersky. The malware was reportedly pushed via an update. Slashdot reader asjk writes: The legitimate-looking application is called Celas Trade Pro and comes from Celas Limited. It's an all-in-one style cryptocurrency trading program which installs malicious code via an update. "... [the program] was seen running the Updater.exe module, which would collect system information and send it back to the server in the form of a GIF image," reports SecurityWeek. "Based on the server's response, the updater either keeps quiet or extracts a payload with base64 and decrypts it using RC4 with another hardcoded key to retrieve an executable file."
We need to turn North Korea into a sheet of trinitite with carbon residue where people were standing when the liberation happened.
Anyone know how (or if) this malware makes it past the Gatekeeper? (i.e. does it have a valid package and application signature, or does it rely on the user to opt-out of Gatekeeper's validity check, or does it have some other trick it uses?)
I don't care if it's 90,000 hectares. That lake was not my doing.
Why are we reading anything originating from a KGB-controlled source again?
In Soviet Washington the swamp drains you.
Umm, that's not humane. Plus it might damage any oil/mineral reserves.
Requiem for the American Dream