
Security researchers from Kaspersky Lab reported an attack on one of the major Asian crypto exchange platforms. The hacker group Lazarus, allegedly linked to the North Korean government, is responsible for the attack.

According to experts, the hackers managed to penetrate the exchange's systems; however, there were apparently no financial losses.

The attack, dubbed "Operation AppleJeus", occurred after one of the exchange's employees downloaded an application from a seemingly legitimate website belonging to a company that develops cryptocurrency trading software.

In fact, the application was fake and infected with malware. On Windows, the application infected the system with the Fallchill remote access Trojan, which is known to be associated with the Lazarus hacker group.

Unlike in previous Lazarus operations, the hackers used malware for Mac for the first time. The malicious program was hidden inside the macOS version of the same cryptocurrency trading software.

The infected cryptocurrency trading software was signed with a valid digital certificate, which allows it to bypass security checks. As experts noted, the company named in the certificate never existed at the address specified in it. The researchers did not disclose the name of the attacked exchange.

WHY IS IT IMPORTANT?

  • Specialists from Kaspersky Lab note that a version for Linux might appear soon. Perhaps this is the first time that an advanced persistent threat group has developed malware for macOS.
  • In early July, a group of cybersecurity experts identified hacker attacks on computers running macOS. Targeting users of Slack and Discord in chats dedicated to cryptocurrencies, the hackers pretended to be "key people" and shared fragments of infected code.