Posted on August 26, 2018 at 2:25 PM
Mac Users Beware: Crypto-Stealing Malware Adapts to macOS
A new problem has emerged for Mac users, as the crypto-stealing Trojan adapts to macOS. The malware was developed by a hacking group called Lazarus, believed to be operating from North Korea.
Hackers now targeting macOS as well
According to security researchers from Kaspersky, a new campaign going by the name of ‘AppleJeus’ was recently uncovered. The campaign uses malware called Fallchill, which was uncovered after it compromised a crypto exchange in Asia.
The researchers noted that the attackers used a crypto trading app infected with a Trojan. The app was supposedly downloaded from an official-looking site and was also posted by a reputable developer. According to the researchers, either the developer was hacked and the app was posted from his account, or the entire false operation was somehow set up by the Lazarus group.
Soon after discovering the Trojan, researchers also found that it had been changed so that it could infect Mac devices as well. Prior to this discovery, the malware was only a threat to Windows devices. Now, however, Mac users are endangered too, and Kaspersky researchers believe that a Linux version of the malware might either be circulating already or be in development. Obviously, this indicates that the hackers are expanding their operations and widening their crypto-stealing net.
Mac targeted due to increase in popularity
After the malicious app gets installed on the device, the user likely won’t notice that anything is wrong, as the malware is extremely stealthy. It starts off by checking the device’s system in an attempt to deduce whether it is worth infecting further. If it finds a strong system worth compromising, it triggers a software update which downloads the true malicious payload.
The researchers have noted a significant increase in aggression in the way Lazarus has been operating. Now, the fact that they seem to be targeting Mac users as well represents a significant milestone for this group. Kaspersky said that the popularity of macOS seems to be growing, which goes for IT firms and individual users alike.
A lot of engineers and developers have started using Macs. Since advanced users, high-profile targets, and software developers are switching to Mac devices, the hackers are forced to do the same and create Mac-affecting tools.
Kaspersky researchers went on to say that they believe Lazarus might be able to hit all platforms. Obviously, the group will focus mostly on the platforms most popular among software developers. Compromising firms and individuals that develop software might lead to numerous prizes, which is why they are most likely to be targeted.
Downloading apps has, obviously, become a dangerous thing to do, especially when they come from third-party sources. Caution is advised even when downloading apps from reputable platforms, and even more so when they come from unsecured ones. The fact that a reputable firm seems to be posting a specific app doesn’t necessarily mean that it is a legitimate app either, as we can see in the case of Fallchill.
And, while Mac users have had it relatively easy so far when it comes to being targeted by malware and similar threats, they will have to learn to become more vigilant in the future.