Kaspersky Lab: North Korea Hacks Cryptocurrency Exchange With ‘First’ macOS Malware

Published at: Aug. 23, 2018

North Korean hackers have, reportedly for the first time, infected a cryptocurrency exchange with malware for both Windows and macOS, Russian internet security company Kaspersky Lab announced Thursday, August 23.

In Kaspersky’s report, the company reveals the malware — dubbed “AppleJeus” — made its way into the systems of an unnamed exchange after an employee downloaded a “tainted” app. Kaspersky now believes the app came from a fake developer with fake security certificates in a major operation by North Korean hacker collective Lazarus Group.

The malware aimed to steal cryptocurrency funds, Kaspersky claims, in what marks the latest in a spate of both successful and failed attempts by North Korea in the crypto hacking space.

Kaspersky’s report states that in order to “ensure that the OS platform was not an obstacle to infecting targets, it seems the attackers went the extra mile and developed malware for other platforms, including for macOS,” noting:

“A version for Linux is apparently coming soon, according to the website. It’s probably the first time we see this APT group using malware for macOS.”

South Korean exchanges have traditionally been the targets for Lazarus, with a rash of complaints surfacing with regard to attacks on platforms such as Bithumb, YouBit, and Coinlink.

Speaking to Bleeping Computer, Vitaly Kamluk, head of Kaspersky’s GReAT APAC team, added:

“The fact that they developed malware to infect macOS users in addition to Windows users and – most likely – even created an entirely fake software company and software product in order to be able to deliver this malware undetected by security solutions, means that they see potentially big profits in the whole operation.”

In early July, a group of security researchers had discovered macOS malware attacks targeting Slack and Discord users talking about cryptocurrencies, with hackers impersonating “key people” in crypto-related chats and then sharing “small snippets” that are downloaded and execute a malicious binary.
