A new macOS malware packaged as a cryptocurrency trading platform has been uncovered by security researchers. It is believed to come from the infamous North Korean hacking group Lazarus.
Security researcher Dinesh Devadoss tweeted yesterday about the discovery of the malware. A detailed analysis of the malware can be found here. His tweet reads: "Contains code: loads Mach-O from memory and executes it. / Write to a file and execute it." (@dineshdina04, December 3, 2019)
The malware disguises itself as a cryptocurrency arbitrage platform, a service that typically exploits price differences between other digital asset exchanges.
According to researchers, the malware is designed to retrieve a payload from a remote server and then run it in the infected computer's memory.
Bleeping Computer reports that the malware is virtually undetected on VirusTotal.
Researchers also say that there is "significant overlap" with another malware, called AppleJeus, that is distributed by Lazarus.
If you have not heard this name yet, where have you been? Lazarus is known for launching lucrative attacks aimed at cryptocurrency holdings.
Last year, Hard Fork reported that the hacking group had stolen more than $570 million of cryptocurrency in five attacks.
The malicious package, called UnionCryptoTrader, was hosted on the website of the fake arbitrage platform.
The malware is set up to run every time the system restarts, and it collects the system's serial number and operating system version. Its remote server, however, did not respond with a malicious payload. Either something is on the way, or the hacking group responsible for this malware is testing its techniques for future attacks.
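The article does not say how the malware arranges to run after every restart. As an added, defender-side example (not code from the article, from Bleeping Computer, or from the researcher cited above), the following Python script assumes the most common macOS mechanism, launchd property lists in the LaunchDaemons and LaunchAgents folders, and audits them for jobs that start automatically and point at a program outside the usual system locations. The sample plist embedded in it is constructed for illustration; its label and path are placeholders, not indicators from the page.

```python
"""Audit macOS launchd persistence entries for suspicious autorun jobs.

Added example, not from the article. Assumes persistence via launchd
property lists (the article itself does not name the mechanism).
"""
import plistlib
from pathlib import Path
from typing import Dict, List, Optional

# Standard launchd locations where third-party persistence is installed.
PERSISTENCE_DIRS = [
    Path("/Library/LaunchDaemons"),
    Path("/Library/LaunchAgents"),
    Path.home() / "Library" / "LaunchAgents",
]

# Program locations a launchd job is normally expected to point at.
TRUSTED_PREFIXES = ("/System/", "/usr/", "/bin/", "/sbin/", "/Library/Apple/")

# Constructed sample plist (placeholder label and path, not an indicator
# from the article) modelling a job that starts at boot and is kept alive.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Label</key><string>com.example.placeholder-updater</string>
  <key>ProgramArguments</key>
  <array><string>/Library/Application Support/placeholder/updater</string></array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict>
</plist>
"""


def program_path(job: dict) -> Optional[str]:
    """Return the executable a launchd job runs: Program, else ProgramArguments[0]."""
    if "Program" in job:
        return job["Program"]
    args = job.get("ProgramArguments")
    if args:
        return args[0]
    return None


def is_autorun(job: dict) -> bool:
    """True if launchd starts the job without any user action."""
    return bool(job.get("RunAtLoad")) or bool(job.get("KeepAlive"))


def assess_job(job: dict) -> List[str]:
    """Return human-readable reasons a job looks like suspicious persistence."""
    reasons: List[str] = []
    path = program_path(job)
    if path is None:
        return ["job has no Program or ProgramArguments"]
    if is_autorun(job) and not path.startswith(TRUSTED_PREFIXES):
        reasons.append(f"starts automatically and runs {path} from a non-system location")
    if any(part.startswith(".") for part in Path(path).parts[1:]):
        reasons.append("program lives in a hidden directory")
    if path.startswith(("/tmp/", "/private/tmp/", "/var/tmp/")):
        reasons.append("program lives in a temporary directory")
    return reasons


def assess_plist(data: bytes) -> List[str]:
    """Parse raw plist bytes (XML or binary) and assess the job inside."""
    try:
        job = plistlib.loads(data)
    except plistlib.InvalidFileException:
        return ["plist could not be parsed"]
    if not isinstance(job, dict):
        return ["plist root is not a dictionary"]
    return assess_job(job)


def scan(dirs=PERSISTENCE_DIRS) -> Dict[str, List[str]]:
    """Walk the persistence folders present on this host; missing ones are skipped."""
    findings: Dict[str, List[str]] = {}
    for directory in dirs:
        if not directory.is_dir():
            continue
        for plist in sorted(directory.glob("*.plist")):
            reasons = assess_plist(plist.read_bytes())
            if reasons:
                findings[str(plist)] = reasons
    return findings


if __name__ == "__main__":
    print("constructed sample:", assess_plist(SAMPLE_PLIST))
    for path, reasons in scan().items():
        print(path)
        for reason in reasons:
            print("  -", reason)
```

Run it with an administrator account so the system-wide folders are readable; a hit only means the job deserves a look (many legitimate updaters install exactly this kind of entry), so follow up by checking the signing identity and origin of the program it points at.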
As Bleeping Computer notes, executing a file directly from memory rather than from disk is a rare technique on macOS-based systems, but one that is gaining popularity.
Fortunately, this was discovered before anything too damaging happened. Update your malware definitions, stat!
H/T: Bleeping Computer
Published on December 4, 2019 – 13:31 UTC