Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Security Bitcoin OS X Operating Systems Apple Technology

North Korean Hackers Hit Cryptocurrency Exchange With macOS Malware (securityweek.com) 100

A North Korea-linked hacking group, dubbed Lazarus, deployed malware for macOS in an effort to infiltrate cryptocurrency exchanges. "In one of the attacks, which Kaspersky refers to as Operation AppleJeus, the group tricked an unsuspecting employee to download a trojanized cryptocurrency trading application that covertly downloaded and installed the Fallchill malware," reports SecurityWeek. Their malware was designed to target macOS in addition to Windows, marking the first time Lazarus has been observed using malware for Apple's OS, according to Kaspersky. The malware was reportedly pushed via an update. Slashdot reader asjk writes: The legitimate-looking application is called Celas Trade Pro and comes from Celas Limited. It's an all-in-one style cryptocurrency trading program which installs malicious code via an update. "... [the program] was seen running the Updater.exe module, which would collect system information and send it back to the server in the form of a GIF image," reports SecurityWeek. "Based on the server's response, the updater either keeps quiet or extracts a payload with base64 and decrypts it using RC4 with another hardcoded key to retrieve an executable file."
This discussion has been archived. No new comments can be posted.

North Korean Hackers Hit Cryptocurrency Exchange With macOS Malware

Comments Filter:
  • If only they were running the Windows 95 app instead of Mac OS the virus wouldn't have worked.

  • by Jeremi ( 14640 ) on Friday August 24, 2018 @08:31AM (#57185916) Homepage

    Anyone know how (or if) this malware makes it past the Gatekeeper? (i.e. does it have a valid package and application signature, or does it rely on the user to opt-out of Gatekeeper's validity check, or does it have some other trick it uses?)

    • What the heck is Gatekeeper? It is closed source software, it could be doing anything to your system and you would never know.
      • by Anonymous Coward

        Gatekeeper only allows apps signed by the App Store to run on Mac OS by default.

    • I think that is just for initial installation-- I have never seen an update trigger it. The update mechanism might need to be stealth though.

    • Anyone know how (or if) this malware makes it past the Gatekeeper? (i.e. does it have a valid package and application signature, or does it rely on the user to opt-out of Gatekeeper's validity check, or does it have some other trick it uses?)

      It "gets by" Gatekeeper by tricking the User into letting it run.

      I am SURE Gatekeeper WARNED about it; but in the end, the USER made the decision.

  • But MacOS is unix! How could this happen to unix??
  • I'm confused, i was told that you will never, ever catch a virus on an apple.

    https://www.youtube.com/watch?... [youtube.com]

    .
  • which Kaspersky refers ...

    Why are we reading anything originating from a KGB-controlled [washingtonpost.com] source [bloomberg.com] again?

    • If he presents verifiable evidence, it doesn't matter if the FSB itself presents it.
      • by mi ( 197448 )

        If he presents verifiable evidence

        That's a giant "if", though. Involvement of any state-backed actor — especially FSB — raises (or ought to raise) the requirement for verifiability by orders of magnitude on any quantifiable characteristics...

        it doesn't matter if the FSB itself presents it.

        Mr. Mueller would now like to have a word with you. Be sure to wait for the "Walk" light before crossing a road...

  • A sort of hipster convergence!
  • Incidental gain of oil.

Think of it! With VLSI we can pack 100 ENIACs in 1 sq. cm.!

Working...