Cryptocurrency Exchanges Under Attack by Lazarus Through AppleJeus Malware
It has recently been discovered that the Lazarus Group, an infamous North Korean cyber crime ring (supposedly backed by the government), has been targeting cryptocurrency exchanges, fintech companies and even banks with aggressive attacks involving high-value thefts.
Reports from Kaspersky Lab's Global Research and Analysis Team indicate that Lazarus has infiltrated an Asian cryptocurrency exchange and is using Trojanized software to steal cryptocurrency. Specifically, the group has been employing a piece of macOS malware known as AppleJeus.
Vulnerability of macOS users
This is the first time the notorious Lazarus Group has been found to target macOS users, who traditionally fall victim to cyber attacks less often than their Windows counterparts. Copies of the malware are believed to be downloaded from what appears to be the website of a company that develops cryptocurrency trading software, a site that looks legitimate at first glance. However, after further investigation researchers have been unable to link it to any legitimate organization, raising serious questions about its validity.
The malware first gathers confidential information and details about the host computer and sends them back to the command and control server. If the attacker deems the machine worth pursuing, they push an update that installs Fallchill, a Trojan which provides almost unlimited access to the device and allows information and data theft. From the user's perspective, it simply looks like a standard software update.
Serious warnings are being issued
Kaspersky Lab strongly advises businesses and individuals alike not to trust code simply on the basis of a digital certificate, a seemingly valid company profile and a genuine-looking website, because all of these can still shield a malicious group seeking to cause serious damage through its attacks.
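A concrete way to act on that advice is to make the trust decision depend on who signed a macOS binary rather than on whether the signature merely validates. The script below is an added example written for this article, not code from Kaspersky Lab or from the AppleJeus campaign: it parses the output of Apple's `codesign -dv --verbose=4` (which prints the signing chain as `Authority=` lines and the developer's `TeamIdentifier=` on stderr) and accepts a binary only if the chain is a Developer ID chain rooted at Apple and the Team ID is on an organisational allow-list. The allow-list, the sample codesign output and the Team IDs in it are constructed for the example.

```python
"""Added example: trust a macOS binary by signer identity, not by signature
validity alone. The allow-list and sample output below are constructed."""
import subprocess
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Hypothetical policy: only these Apple Developer Team IDs may publish
# software allowed to run on trading workstations (placeholder values).
TRUSTED_TEAM_IDS = {"EXAMPLE0AB"}


@dataclass
class SignatureInfo:
    identifier: Optional[str] = None
    team_id: Optional[str] = None
    authorities: List[str] = field(default_factory=list)  # leaf first


def parse_codesign_output(text: str) -> SignatureInfo:
    """Pull the fields relevant to a trust decision out of codesign output."""
    info = SignatureInfo()
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Identifier="):
            info.identifier = line.split("=", 1)[1]
        elif line.startswith("TeamIdentifier="):
            info.team_id = line.split("=", 1)[1]
        elif line.startswith("Authority="):
            info.authorities.append(line.split("=", 1)[1])
    return info


def trust_decision(info: SignatureInfo) -> Tuple[bool, str]:
    """A valid Developer ID signature only proves Apple issued a certificate
    to *someone*; the allow-list check is what ties it to the vendor you
    actually expect."""
    if not info.authorities:
        return False, "unsigned or ad-hoc signed"
    if info.authorities[-1] != "Apple Root CA":
        return False, "certificate chain does not end at Apple Root CA"
    if not any(a.startswith("Developer ID Application:") for a in info.authorities):
        return False, "not a Developer ID signature"
    if info.team_id not in TRUSTED_TEAM_IDS:
        return False, f"Team ID {info.team_id} is not on the allow-list"
    return True, "signed by an allow-listed developer"


def inspect_binary(path: str) -> Tuple[bool, str]:
    """Run codesign against a real path (macOS only) and apply the policy."""
    proc = subprocess.run(["codesign", "-dv", "--verbose=4", path],
                          capture_output=True, text=True)
    return trust_decision(parse_codesign_output(proc.stderr))


# Constructed sample: codesign output for a binary carrying a perfectly valid
# Developer ID signature from a team nobody in the organisation has vetted.
SAMPLE_UNKNOWN_VENDOR = """\
Executable=/Applications/TradingApp.app/Contents/MacOS/TradingApp
Identifier=com.example.tradingapp
Format=app bundle with Mach-O thin (x86_64)
Authority=Developer ID Application: Example Trading Ltd (ZZ9999ZZ99)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ZZ9999ZZ99
"""


def demo() -> Tuple[bool, str]:
    """Evaluate the constructed sample; the signature is valid but untrusted."""
    return trust_decision(parse_codesign_output(SAMPLE_UNKNOWN_VENDOR))


if __name__ == "__main__":
    print(demo())
```

Gatekeeper (`spctl --assess`) already rejects unsigned or tampered code, but it accepts any Developer ID holder; the allow-list layered on top is what turns "Apple issued this certificate" into "we know this vendor", which is the distinction the advisory is drawing.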
Businesses in particular are advised to deploy comprehensive, advanced security solutions to protect their networks and infrastructure, and to require multi-factor authentication for significant financial transactions.