The cyber thieves have attempted to steal cryptocurrency using Trojanized cryptocurrency software, according to Computer Weekly. Kaspersky Lab’s Global Research and Analysis Team reported Lazarus infiltrated an Asian cryptocurrency exchange. The Kaspersky team discovered a new malware attacking the Mac OS platform, the first time the Lazarus group was found to be using malware to attack Mac OS users.
Mac OS Users Vulnerable
The researchers noted that Mac OS users would not be as prepared as Windows users to address the threat, despite the fact that Windows and Mac OS versions of the malware work in identical fashion.
Copies of the malware are believed to have been downloaded from what appeared to be the website of a company that develops cryptocurrency trading software. The cryptocurrency trading application appeared to be legitimate and did not show signs of malicious activity, the researchers noted.
The researchers could not find a legitimate organization at the address listed on the company's certificate, the company to which the domain was registered.
The malicious code was delivered through an updater component of the kind that normally exists in legitimate software to download new versions. The updater first gathers information on the host computer; once the attacker determines the target is worth attacking, the malicious code is sent as a software update. The update then installs Fallchill, a Trojan the group has used previously, which indicated that Lazarus is behind the attack.
Trojan Enables Theft
Once installed, the Trojan provides ample access to the targeted computer, enabling the theft of information.
Vitaly Kamluk, who leads the Kaspersky Lab research team, said Lazarus has shown interest in cryptocurrency since early 2017 and has attempted to target cryptocurrency exchanges in addition to other financial companies.
Lazarus, which is linked to North Korea, apparently sees significant profit in this endeavor, considering that it developed malware to infect Mac OS computers as well as Windows, and has gone as far as to create a phony software product and phony company in order to deliver the malware without being detected. The group has also attacked banks.
Kaspersky Lab advises businesses not to trust code running on their systems, since digital certificates, a good company profile and a genuine-looking website cannot assure there are no backdoors. Businesses are also advised to use a strong security solution with technologies for detecting malicious behavior and to subscribe to a good intelligence reporting service.
Businesses are further advised to use hardware wallets and multi-factor authentication when conducting large financial transactions. It is also advisable to use an isolated computer that is not used for reading email or browsing the internet.
Last modified (UTC): August 25, 2018 10:45 AM