Internet security firm Kaspersky Lab has claimed that hackers with possible ties to North Korea have struck against an unnamed crypto exchange using malware targeting macOS.
Kaspersky Lab attributes the latest hack to the Lazarus hacking group.
According to Wikipedia, the Lazarus Group earned its chops in cyberattacks on banks in Ecuador, Vietnam, Poland, Taiwan and Mexico.
Then, in 2016, the group attempted to heist a breathtaking $851 million USD from the Central Bank of Bangladesh and successfully made off with $81 million.
The Lazarus Group are also believed to have initiated multiple cyberattacks against South Korean government and industrial targets between 2009 and 2013, and have lately been tied by threat intelligence company Recorded Future to attacks on South Korean crypto exchanges Bithumb, Youbit and Coinlink.
Wikipedia says Kaspersky Lab (KL) was the first to tie the group to North Korea, though KL has also acknowledged that code indicating a North Korean source for various Lazarus-linked malware may in fact be a false flag meant to mislead investigators.
Notably, the latest attack on the unnamed crypto exchange is one of just a few known instances of malware successfully deployed against macOS systems.
Kaspersky Lab say that Lazarus has also promised a forthcoming version of the malware for Linux systems, something Kaspersky calls “a wake up call for users of non-Windows platforms.”
The malware in question allegedly took the form of a “trojanized cryptocurrency trading application…recommended to the company over email.”
In the hack, an exchange employee was successfully enticed to “download a third-party application” that led him or her to a “legitimate-looking” crypto trading interface.
There, the employee’s computer came into contact with malware designed to infect the whole exchange system and scoop crypto from the platform.
Vitaly Kamluk of Kaspersky Lab told Bleeping Computer, “We assume the threat was contained based on our notification.”
However, Kamluk added that the elaborate nature of the attempted exchange hack suggests that Lazarus sees a lot of potential in this type of exploit:
“The fact that they…even created an entirely fake software company and software product in order to be able to deliver this malware undetected by security solutions means that they see potentially big profits in the whole operation, and we should definitely expect more such cases in the near future.”