North Korean macOS Malware Detected on Crypto Platform

Security researchers have encountered a new cryptocurrency-focused macOS malware, believed to be the work of the North Korean hacking group known as Lazarus.

As reported by Bleeping Computer on Dec. 4, the malware can retrieve payloads from remote servers and run them in memory, a technique that is rare on macOS. Because the downloaded stages never need to touch disk, the malware is harder to detect and forensic analysis of an infected machine becomes much more difficult. When the researchers checked the sample against the malware and virus detection site VirusTotal, only four antivirus engines initially flagged it as malicious; that number had risen only to five at the time of publication.

Lazarus Strikes Again

Researcher Dinesh Devadoss first encountered the malware on a website, unioncrypto.vip, that advertised a trading platform for “smart cryptocurrency arbitrage”. The site displayed no download links, but it hosted a malware package named “UnionCryptoTrader.”

Security researcher and macOS hacker Patrick Wardle analyzed the sample found by Devadoss and determined that “there are some clear overlaps” with another malware implant, also attributed to Lazarus, that Malware Hunter Team found less than two months earlier. In that case, the researchers found that Lazarus had built another piece of malware targeting Apple Macs, distributed under the cover of a fake cryptocurrency firm.

North Korean Headlines

North Korea has been making headlines in the blockchain and crypto news recently: Ethereum research scientist Virgil Griffith was arrested in Los Angeles last week and charged with allegedly aiding in the circumvention of U.S. sanctions placed on North Korea. Griffith gave a presentation in North Korea on blockchain and cryptocurrency, although his supporters have argued that everything he discussed is open information that anyone can access. Griffith was released from jail on bond and is awaiting trial. The Ethereum community has expressed strong support for Griffith, and Ethereum co-founder Vitalik Buterin has publicly declared that he will do everything possible to clear Griffith’s name and has been sharing a petition to free the blockchain developer.


New MacOS Malware Hijacks Crypto Wallets Via Pirated Apps

Kaspersky has uncovered a sophisticated malware campaign targeting macOS users who download pirated apps. The malware targets newer systems, macOS 13.6 and above, and reaches victims’ computers through compromised software installers. Once inside, it replaces the legitimate Bitcoin and Exodus crypto wallets with infected versions.

Infection starts with a compromised disk image containing an “activator” and the desired application. The malware stays dormant until the user runs the activator, which asks for the user’s password. This tactic ensures that users unwittingly activate the compromised application themselves. The malware then executes a Python script that runs continuously, attempting to download further stages of the infection. The script has two functions: executing arbitrary commands received from a server, and checking for the presence of cryptocurrency wallet applications, which it then replaces with malicious versions.

The ingenuity of this malware lies in its simplicity and effectiveness. By patching the executable files of legitimate applications so that they do not work until the activator is run, the attackers ensure that users install the malware themselves. Once activated, the malware can execute any script with administrator privileges, including replacing the Exodus and Bitcoin crypto wallet applications with versions that steal the user’s secret recovery phrase.
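The two paragraphs above describe an attack whose end state is a wallet bundle on disk that no longer matches what the vendor shipped. The script below is an added example, not Kaspersky’s code or anything from the campaign: it records a SHA-256 manifest of every file under an application bundle and later diffs the bundle against that baseline, so a swapped executable or a dropped extra file shows up as a concrete finding. The `Exodus.app` bundle it scans in `demo()` is constructed in a temporary directory; the file names and contents inside it are assumptions for illustration only.

```python
"""Integrity baseline for macOS application bundles (added example, not Kaspersky's code).

Build a SHA-256 manifest of a bundle such as /Applications/Exodus.app, store it,
and compare the bundle against it later. The demo constructs a fake Exodus.app in
a temp directory and simulates the swap of its main executable plus a dropped file.
"""
import hashlib
import json
import os
import sys
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in 64 KiB chunks so large Electron bundles do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(bundle: Path) -> dict:
    """Map bundle-relative paths to digests. Symlinks are recorded by target, not followed."""
    manifest = {}
    for root, _dirs, files in os.walk(bundle):
        for name in files:
            p = Path(root) / name
            rel = p.relative_to(bundle).as_posix()
            if p.is_symlink():
                manifest[rel] = "symlink:" + os.readlink(p)
            else:
                manifest[rel] = sha256_file(p)
    return manifest


def diff_manifests(baseline: dict, current: dict) -> dict:
    """Report files whose digest changed, files that appeared, and files that vanished."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def save_manifest(manifest: dict, out: Path) -> None:
    out.write_text(json.dumps(manifest, indent=2, sort_keys=True))


def load_manifest(src: Path) -> dict:
    return json.loads(src.read_text())


def demo() -> dict:
    """Constructed scenario: baseline a fake Exodus.app, then trojanise it and diff."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp) / "Exodus.app"           # assumed bundle layout, not the real app
        macos_dir = app / "Contents" / "MacOS"
        macos_dir.mkdir(parents=True)
        (app / "Contents" / "Info.plist").write_text("<plist/>")
        (macos_dir / "Exodus").write_bytes(b"\xcf\xfa\xed\xfe legit-binary")
        baseline = build_manifest(app)

        # Simulate what the page describes: the main executable is replaced and an
        # extra payload is dropped into the bundle.
        (macos_dir / "Exodus").write_bytes(b"\xcf\xfa\xed\xfe trojan-binary")
        (app / "Contents" / "Resources").mkdir()
        (app / "Contents" / "Resources" / "loader.py").write_text("# constructed payload stub")
        return diff_manifests(baseline, build_manifest(app))


if __name__ == "__main__":
    # Usage: script.py baseline <bundle> <manifest.json>   or   script.py verify <bundle> <manifest.json>
    if len(sys.argv) == 4 and sys.argv[1] == "baseline":
        save_manifest(build_manifest(Path(sys.argv[2])), Path(sys.argv[3]))
    elif len(sys.argv) == 4 and sys.argv[1] == "verify":
        print(json.dumps(diff_manifests(load_manifest(Path(sys.argv[3])),
                                        build_manifest(Path(sys.argv[2]))), indent=2))
    else:
        print(json.dumps(demo(), indent=2))
```

Taking the baseline only makes sense on a bundle you trust, such as one freshly downloaded from the vendor’s site; a manifest taken after installing a pirated copy would just enshrine the tampered state. On a real Mac, run `codesign --verify --deep --strict /Applications/Exodus.app` first, since a replaced executable breaks the vendor’s signature, and use the manifest diff to pin down exactly which files changed.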

To protect against this evolving threat, Kaspersky researchers emphasize the importance of downloading apps only from official stores such as the Apple App Store. They also recommend installing a trusted security solution, updating the operating system and apps regularly, and using strong, unique passwords for different accounts. Additionally, it is crucial to keep your seed phrase secure when setting up hardware wallets.

This malware campaign is a stark reminder of the risks associated with downloading pirated applications. It highlights the continuous innovation by hackers in developing tactics to compromise cryptocurrency users. Users are advised to exercise caution and implement robust security measures to protect their digital assets.
