Malware targeting Apple computers used a fake cryptocurrency company as a front

Key facts:

Specialists believe that the North Korean hacker group Lazarus is behind the malicious software.
The malware resides in the memory of macOS computers and is very difficult to detect.

A new piece of malware is affecting Apple computers and is very difficult to detect. Security researchers confirmed the presence of the virus this week, stressing that its creators used a fake cryptocurrency trading company as a front for their illegal activities.

Cyber-security expert Dinesh Devadoss revealed the discovery of the virus, which is able to reside in the memory of computers running macOS. The malware can receive a payload (that is, a message or any other type of data) from a remote location. In this way, hackers can execute specific operations, such as the theft of personal files, directly from the computer's memory. The malware may also collect information about the computer's operating system and its serial number, among other data.

The malware's spread and its resistance to detection were confirmed by security expert Patrick Wardle, research manager at the software company Jamf. The specialist stressed that this virus is very difficult to detect. The malicious file uses a mechanism known as a daemon, which allows it to run in the background without affecting the normal functions of the computer. According to the VirusTotal platform, of 70 antivirus programs on the market, only 12 were able to detect the new malware. Because of this, it is considered a highly resistant malicious file.

One of the most striking features of the virus is that it is tied to a supposed cryptocurrency trading company. The malware package can be found on the web page of the platform, called Union Crypto Trader, the Objective-See blog notes. The company presents itself as "a smart cryptocurrency arbitrage trading platform", but its site has no links that redirect to, or allow the download of, real applications.

(Picture: Hackers created a website for the fake company claiming that it works with Bitfinex, Kraken, Binance and Gemini. Source: Objective-See.)

The virus has not compromised any computer irreversibly, nor has it stolen data or cryptocurrencies from those affected. The researchers believe that it was discovered before the hackers could send a payload that would carry out an action on the computer; that is, before an organized attack took place. However, they recommended that Apple users and antivirus companies be on the lookout for a scheduled activation.

Fake cryptocurrency companies as bait

The Objective-See blog noted, along with Devadoss and Wardle, that the creators of this new malware may be the North Korean hacker group Lazarus. The researchers not only discovered code that this virus shares with other malicious files developed by Lazarus, but also found similarities in the modus operandi.

For example, in 2018 the same group carried out a similar attack operation, known as AppleJeus, which used malware aimed at Apple computers. The hackers sent an e-mail invitation to participate in a cryptocurrency trading platform, which was full of trojans. Also, this past October, it was reported in the ecosystem that the Lazarus group had created a fake cryptocurrency company called JMT Trading. The supposed project contained in its code, hosted on GitHub, a trojan that gave access to the operating system of its victims.

(Picture 2: The Objective-See blog found similarities between the fake page used by Lazarus in the AppleJeus campaign and the newly revealed virus. Source: Objective-See.)

This is not the first time that the North Korean hacker group has sought to lure cryptocurrency users and turn them into its victims. Lazarus has previously developed viruses dedicated exclusively to stealing bitcoins, and the group has also been named as responsible for creating the WannaCry ransomware, one of the data-encryption attacks with a ransom in bitcoins that generated the greatest losses among European companies.

Regardless of whether North Korea is involved in these attacks, it can be confirmed that there are currently many commercial cryptocurrency applications that are malicious. Hackers use the popularity of the blockchain ecosystem to catch unsuspecting users, so it is recommended to take precautions before downloading applications from the web. Investigating the source of a product and its developers is a practice that can help you avoid bogus offers. It is also recommended to download applications only from official websites or verified social networks.
