Hacker Group Lazarus Strikes Again by Breaching Asian Crypto Exchange via a Mac Malware
It’s often said that there is no such thing as a perfectly secure system, and the statement is also quite relevant in the case of cryptocurrency-related services or platforms. According to a report by Bleeping Computer, Lazarus Group, the already-infamous North Korean hacker group, has successfully breached an Asian cryptocurrency exchange.
Even though at the time of this writing it is unclear whether the incident resulted in financial losses, Lazarus managed to do something that has never been done before, namely deploy a Mac malware strain. The malware was hidden within the cryptocurrency exchange’s Mac app.
The hack was confirmed by the Russian antivirus company Kaspersky Lab, which analyzed the aftermath of the breach. “The company was breached successfully, but we are not aware of any financial loss. We assume the threat was contained based on our notification,” Vitaly Kamluk, Head of GReAT APAC at Kaspersky Lab, told Bleeping Computer, the publication that originally reported the hack, in an email today.
Hack discovered by chance by an employee
The hack, codenamed Operation AppleJeus, was discovered when an employee downloaded the application from what seemed to be a legitimate website, only to find that the app was fake when it triggered a Trojan alert. Apparently, the application also contained a malware strain called Fallchill, a remote access Trojan (for Windows) that was developed by the same group of hackers back in 2016.
The hack also had other distinctive traits. For example, unlike in previous Lazarus operations, the hackers did not embed the malware in the third-party app directly but modified its update component so that it would automatically download the malware later on.
Things get even more interesting
Lazarus also displayed a great deal of resourcefulness, since the trojanized app was signed with a valid digital certificate, which would explain how it was able to pass security scans. The plot thickens: Kaspersky officials said the digital certificate was in fact issued by a company whose existence they were unable to confirm.
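The lesson of a trojanized updater carrying a "valid" signature from an unknown company is that an update check must pin the publisher's identity, not merely confirm that some signature verifies. The following Go program is an added illustration, not code from the report or from Kaspersky: it models a self-updater that pins the vendor's Ed25519 public key and rejects a release signed by a different, equally valid key, as well as a tampered payload. All keys, versions and payloads are constructed inline for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Update is one downloadable release as the updater sees it (constructed model).
type Update struct {
	Version   string
	Payload   []byte            // the downloaded binary
	Signer    ed25519.PublicKey // key shipped alongside the signature block
	Signature []byte            // signature over digest(Version, Payload)
}

// digest binds version and payload so a signed old payload cannot be replayed as a new version.
func digest(version string, payload []byte) []byte {
	h := sha256.New()
	h.Write([]byte(version))
	h.Write([]byte{0}) // separator so "1.1"+"0..." and "1.10"+"..." do not collide
	h.Write(payload)
	return h.Sum(nil)
}

// SignUpdate is what a release pipeline does; any key holder can produce a self-consistent update.
func SignUpdate(priv ed25519.PrivateKey, version string, payload []byte) Update {
	pub := priv.Public().(ed25519.PublicKey)
	return Update{version, payload, pub, ed25519.Sign(priv, digest(version, payload))}
}

// VerifyUpdate accepts a release only if the signer is the pinned publisher key AND
// the signature verifies. Checking only "does the signature match the key that came
// with the download" is the gap that lets an attacker-controlled identity through.
func VerifyUpdate(pinned ed25519.PublicKey, u Update) error {
	if !pinned.Equal(u.Signer) {
		return fmt.Errorf("signer %s... is not the pinned publisher key", hex.EncodeToString(u.Signer)[:16])
	}
	if !ed25519.Verify(pinned, digest(u.Version, u.Payload), u.Signature) {
		return fmt.Errorf("signature does not verify over version %q and payload", u.Version)
	}
	return nil
}

func main() {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, rogue, _ := ed25519.GenerateKey(rand.Reader) // an unrelated but perfectly valid signing identity
	good := SignUpdate(vendorPriv, "1.1.0", []byte("constructed sample update payload"))
	bad := SignUpdate(rogue, "1.1.0", []byte("constructed sample payload from an unknown signer"))
	fmt.Println("vendor update:", VerifyUpdate(vendorPub, good)) // nil: accepted
	fmt.Println("rogue update: ", VerifyUpdate(vendorPub, bad))  // error: signer not pinned
}
```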
“The fact that they developed malware to infect macOS users in addition to Windows users and – most likely – even created an entirely fake software company and software product in order to be able to deliver this malware undetected by security solutions, means that they see potentially big profits in the whole operation, and we should definitely expect more such cases in the near future,” Kamluk told Bleeping Computer.
The crypto exchange that fell victim to the hackers has not been identified, but Kaspersky offered a vague clue. “We are aware of waves of attacks on supply chains in South Korea this year, but AppleJeus is unrelated to these attacks. The victim was not located in South Korea,” Kamluk said.