North Korean hackers have infected a cryptocurrency exchange with malware for Windows and macOS for the first time, the Russian internet security company Kaspersky Lab announced on Thursday, August 23.

In its report, Kaspersky reveals that the malware (dubbed "AppleJeus") reached the systems of an unnamed exchange after an employee downloaded a "contaminated" application. Kaspersky now believes that the application comes from a fake developer with fake security certificates, as part of an important operation by the North Korean hacker collective Lazarus Group.

The malware aimed to steal cryptocurrency funds, Kaspersky says, in what marks the latest in a series of successful and failed attempts by North Korea in the crypto-piracy space.

The Kaspersky report states that to "ensure that the OS platform was not an obstacle to infecting the targets, it seems that the attackers made an extra effort and developed malware for other platforms, including macOS", noting:

"Apparently, a version for Linux will come soon, according to the website. It's probably the first time we see this APT group using malware for macOS."

South Korean exchanges have traditionally been the target of Lazarus, with a series of complaints about attacks on platforms such as Bithumb, YouBit, and Coinlink.

Speaking with Bleeping Computer, Vitaly Kamluk, head of the GReAT APAC team at Kaspersky, added:

"The fact that they have developed malware to infect macOS users in addition to Windows users and - most likely - have created a completely fake software company and software product to be able to deliver this malware undetected by security solutions means that they see great potential benefits throughout the operation."

In early July, a group of security researchers discovered macOS malware attacks targeting Slack and Discord users who discussed cryptocurrencies, with hackers posing as "key people" in crypto-related chats and then sharing "little snippets" that downloaded and executed a malicious binary.