A brand new macOS malware packaged by a cryptocurrency buying and selling platform has been uncovered by safety researchers. The malware is believed to be the work of infamous North Korean hacking group Lazarus.
Safety researcher Dinesh Devadoss tweeted their discovery of the malware yesterday. An in depth evaluation of the malware can be read here.
— Dinesh_Devadoss (@dineshdina04) December 3, 2019
The malware masquerades as a cryptocurrency arbitrage platform, a service sometimes used to reap the benefits of value discrepancies throughout different digital asset exchanges.
In accordance with researchers, the malware is designed to retrieve a payload from a distant server after which run it within the contaminated machine’s reminiscence.
Researchers additionally say that there are some “clear overlaps” with one other malware known as AppleJeus distributed by Lazarus.
If you happen to haven’t heard that title earlier than, the place have you ever been? Lazarus are nortorious for launching excessive worth assaults going after cryptocurrency hoards.
Final 12 months, Onerous Fork reported that the hacking group had stolen greater than $570 million price of cryptocurrency throughout 5 assaults.
The malicious package deal, named UnionCryptoTrader was hosted on the faux arbitrage platform’s web site.
The malware is programmed to run on every system reboot and gather details about the system’s serial quantity and OS model.
It’d sound worrisome, nevertheless, the distant command and management server isn’t responding with a malicious payload. Both one thing is on the best way, or the hacking group answerable for this malware is testing its methods for future assaults.
As Bleeping Laptop factors out, exectuing a file in reminiscence is a uncommon technique for macOS -based programs and it’s simply beginning to acquire recognition.
Fortunately, this one has been noticed earlier than something too nefarious has occurred. Replace your malware definitions, stat!
H/T – Bleeping Computer
Revealed December 4, 2019 — 13:31 UTC