North Korean Hackers Hit Cryptocurrency Exchange With macOS Malware (securityweek.com) 100
A North Korea-linked hacking group, dubbed Lazarus, deployed malware for macOS in an effort to infiltrate cryptocurrency exchanges. "In one of the attacks, which Kaspersky refers to as Operation AppleJeus, the group tricked an unsuspecting employee to download a trojanized cryptocurrency trading application that covertly downloaded and installed the Fallchill malware," reports SecurityWeek. Their malware was designed to target macOS in addition to Windows, marking the first time Lazarus has been observed using malware for Apple's OS, according to Kaspersky. The malware was reportedly pushed via an update. Slashdot reader asjk writes: The legitimate-looking application is called Celas Trade Pro and comes from Celas Limited. It's an all-in-one style cryptocurrency trading program which installs malicious code via an update. "... [the program] was seen running the Updater.exe module, which would collect system information and send it back to the server in the form of a GIF image," reports SecurityWeek. "Based on the server's response, the updater either keeps quiet or extracts a payload with base64 and decrypts it using RC4 with another hardcoded key to retrieve an executable file."
Re: (Score:2, Funny)
Re: (Score:2)
Umm, that's not humane. Plus it might damage any oil/mineral reserves.
Re: (Score:2)
Mow them down with machine guns on helicopters?
Re: (Score:2)
This is why people think youre crazy APK
Re: (Score:2)
Does APK stand for Anonymous Penis Killer? Just wondering..
hackintosh and apple can use this to get laws ban (Score:1)
hackintosh and apple can use this to get laws to ban them that just ends making end users drop mac or be stuck with apples crap that over heats all the time.
Re: (Score:2)
hackintosh and apple can use this to get laws to ban them that just ends making end users drop mac or be stuck with apples crap that over heats all the time.
NO OS can be made immune to TROJANS.
Period.
OS X/macOS: Almost 20 years and STILL no real viruses.
Re: (Score:1)
OS X/macOS: Almost 20 years and STILL no real value in the real world.
Just give it up apple; at this point its a joke.
Maybe just start saying macOS was a HOBBY for apple.
If only... (Score:2)
If only they were running the Windows 95 app instead of Mac OS the virus wouldn't have worked.
Gatekeeper? (Score:3)
Anyone know how (or if) this malware makes it past the Gatekeeper? (i.e. does it have a valid package and application signature, or does it rely on the user to opt-out of Gatekeeper's validity check, or does it have some other trick it uses?)
Re: (Score:1)
Re: (Score:1)
Gatekeeper only allows apps signed by the App Store to run on Mac OS by default.
Re: (Score:2)
I think that is just for initial installation-- I have never seen an update trigger it. The update mechanism might need to be stealth though.
Re: (Score:2)
Anyone know how (or if) this malware makes it past the Gatekeeper? (i.e. does it have a valid package and application signature, or does it rely on the user to opt-out of Gatekeeper's validity check, or does it have some other trick it uses?)
It "gets by" Gatekeeper by tricking the User into letting it run.
I am SURE Gatekeeper WARNED about it; but in the end, the USER made the decision.
unix (Score:1)
Re: (Score:2)
Re: (Score:2)
Because Murika! Don't you know were too proud to hide behind a proxy? Plus don't forget Murika! Only the Deep State NSA hides behind a proxy, real Murikans!! use IPv6!
MacOS Malware? (Score:2, Funny)
https://www.youtube.com/watch?... [youtube.com]
.
Re: (Score:2)
Re: (Score:2)
This.
No usable OS will ever be able to protect a user from installing an application they think is legit. Well, I guess really strict ACLs or every app getting its own VM/sandbox might.
Gatekeeper defaults to only allow Apps from the Mac App Store. That's about as safe as you can get with Trojans.
Re: (Score:2)
Until some software someone wants to use isn't signed, yet is widely known to work great. The bit gets flipped and forgotten. Happens on all of them.
Re: (Score:2)
Until some software someone wants to use isn't signed, yet is widely known to work great. The bit gets flipped and forgotten. Happens on all of them.
Apple took care of that little problem. The setting automatically reverts back to the safest setting after a fairly short period (30 days, IIRC).
Fairly reasonable compromise between security and convenience.
And regardless of the setting, it still warns you on any downloaded software, making you have to affirmatively allow the installation.
Re: (Score:2)
That was just one of many lies apple tells.
They also dont throttle their phones. Well they do but its for your own good.
Quit LYING yourself!
NO OS can be made safe from TROJANS.
Are we trusting Kasperksy?! (Score:3)
Why are we reading anything originating from a KGB-controlled [washingtonpost.com] source [bloomberg.com] again?
Re: Are we trusting Kasperksy?! (Score:3)
Re: (Score:2)
That's a giant "if", though. Involvement of any state-backed actor — especially FSB — raises (or ought to raise) the requirement for verifiability by orders of magnitude on any quantifiable characteristics...
Mr. Mueller would now like to have a word with you. Be sure to wait for the "Walk" light before crossing a road...
Re: (Score:2)
I see what you did
Cryptocurrency *and* Mac! (Score:2)
Preemptively defend against everyone! (Score:1)
Incidental gain of oil.