Fake Cryptocurrency Company Used as a Façade by Malware to Target Apple Computers

Specialists believe that the North Korean hacker group Lazarus is behind the malicious software. The malware resides in the memory of computers running macOS and is very difficult to detect.

It was reported that new malware is affecting Apple computers and is very difficult to detect. Security researchers confirmed the presence of the virus, highlighting that its creators use a fake cryptocurrency trading company as a façade for their illegal activities.

Cyber-security expert Dinesh Devadoss reported the discovery of a virus that can reside in the memory of computers running macOS. The malware can receive a payload (that is, a message or any other type of data) from a remote location. This lets the hackers execute specific operations, such as the theft of personal files directly from the computer’s memory.

The malware’s spread and its ability to evade antivirus were confirmed by security expert Patrick Wardle, head of research at the software company Jamf. He stressed that the virus is very difficult to detect because it installs itself as a daemon, a background process, which lets it run without affecting the computer’s normal functions. According to the VirusTotal platform, only 12 out of 70 antivirus programs on the market detected the new malware.
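The daemon-based persistence described above suggests one check a defender can run: enumerate launchd property lists and flag any that start at boot or are kept alive from a path macOS itself does not populate. The script below is an added example, not code from the article or from the researchers it cites; the two plists it parses are constructed samples, and the label and program path in them are hypothetical.

```python
import glob
import os
import plistlib
from typing import Dict, List

# Prefixes macOS itself populates; a daemon launched from anywhere else deserves a look.
TRUSTED_PREFIXES = ("/System/", "/usr/libexec/", "/usr/sbin/", "/usr/bin/", "/Applications/")

# Constructed sample: boot-time daemon run from a user-writable, hidden path (hypothetical).
SAMPLE_SUSPICIOUS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.tradehelper</string>
  <key>ProgramArguments</key><array><string>/Users/Shared/.helper</string></array>
  <key>RunAtLoad</key><true/>
</dict></plist>"""

# Constructed sample: boot-time daemon run from a system-managed path (hypothetical).
SAMPLE_BENIGN = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.backup</string>
  <key>Program</key><string>/usr/libexec/sample-backup</string>
  <key>RunAtLoad</key><true/>
</dict></plist>"""


def audit_launch_plist(raw: bytes) -> Dict[str, object]:
    """Parse one LaunchDaemon/LaunchAgent plist and report persistence-relevant keys."""
    data = plistlib.loads(raw)
    program = data.get("Program")
    args = data.get("ProgramArguments") or []
    if program is None and args:
        program = args[0]  # launchd uses argv[0] when Program is absent
    flags: List[str] = []
    if data.get("RunAtLoad"):
        flags.append("RunAtLoad")
    if data.get("KeepAlive"):  # may be a bool or a dict of conditions; both are truthy
        flags.append("KeepAlive")
    if program and not program.startswith(TRUSTED_PREFIXES):
        flags.append("untrusted-path")
    persistent = "RunAtLoad" in flags or "KeepAlive" in flags
    suspicious = persistent and "untrusted-path" in flags
    return {"label": data.get("Label"), "program": program, "flags": flags, "suspicious": suspicious}


def audit_launch_dirs(dirs=("/Library/LaunchDaemons", "/Library/LaunchAgents")) -> List[Dict[str, object]]:
    """Audit every .plist under the given launchd directories; returns only the suspicious ones."""
    hits = []
    for d in dirs:
        for path in glob.glob(os.path.join(d, "*.plist")):
            with open(path, "rb") as fh:
                report = audit_launch_plist(fh.read())
            if report["suspicious"]:
                report["path"] = path
                hits.append(report)
    return hits
```

Run `audit_launch_dirs()` on a host to list persistent daemons launched from outside the trusted prefixes; a hit is a lead to investigate, not proof of compromise.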

Strikingly, the virus is linked to an alleged cryptocurrency trading company. The packaged malware can be found on the website of the platform Union Crypto Trader, as noted by the Objective-See blog. The company presents itself as “a smart cryptocurrency arbitrage trading platform” but provides no links for downloading real applications.

Fortunately for those affected, the virus was found not to have compromised any computer irreversibly, nor to have stolen data or cryptocurrencies. The researchers believe it was discovered before the hackers could send a payload that would carry out an action on the computers, that is, before they could conduct an organized attack.

False Cryptocurrency Companies as Bait

The Objective-See blog, along with Devadoss and Wardle, suggests that this new malware’s creators may be the North Korean hacker group Lazarus. The researchers not only discovered code that this virus shares with other malicious files developed by Lazarus but also found similarities in the modus operandi.

In 2018, the same group conducted a similar attack operation, known as AppleJeus, which used malware aimed at Apple computers. The hackers emailed an invitation to participate in a cryptocurrency trading platform, which was bundled with a Trojan. Last October, it was also reported in the ecosystem that the Lazarus group had created a fake cryptocurrency company called JMT Trading.

It should be noted that this is not the first time the North Korean hacker group has sought to lure cryptocurrency users and make them its victims. Lazarus has previously developed viruses dedicated to stealing Bitcoin, and has been said to be responsible for creating the WannaCry ransomware, a data encryption attack with a ransom demand in Bitcoin that generated the greatest losses among European companies.

Hackers take advantage of the popularity of the blockchain ecosystem to ensnare unsuspecting users, so it is recommended to take precautions before downloading applications from the web. Researching the origin of a product and its developers, and downloading applications only from official websites or verified social networks, are two practices that can help avoid fake offers.

By Willmen Blanco