
New Lazarus Group-Originated MacOS Malware Surfaced On Crypto Trading Page

05-Dec-2019

A security expert has reportedly come across a new kind of malware targeting macOS, which is likely another malicious project from the North Korea-based hacker group known as the Lazarus Group.

As reported by Bleeping Computer on December 4, malware expert Dinesh Devadoss discovered a suspicious piece of software that appeared on the page “unioncrypto.vip”, which at the time was promoting a “smart cryptocurrency arbitrage trading platform”. Although no download link was embedded in the page, a malware package titled “UnionCryptoTrader” was available.

Specifically, the malware can fetch a payload from a remote server and execute it directly in memory, a technique that is far more common on Windows than on macOS. Because the payload never needs to be written to disk, researchers have a harder time identifying the malware and conducting forensic analysis.

Following a detailed examination of the newly surfaced malware, security researcher Patrick Wardle identified “clear overlaps” with malware detected by MalwareHunterTeam around October this year, which was subsequently shown to be another Lazarus Group project.

At the time of that discovery, researchers found that Lazarus had built a separate macOS malware, distributed under the guise of a fake cryptocurrency company.

The Lazarus Group malware is not the only major North Korea-related news recently. US prosecutors have taken into custody Virgil Griffith, who travelled from the United States to the Democratic People’s Republic of Korea (DPRK) to present a talk on how cryptocurrency and blockchain could be used to get around sanctions.
