North Korean hackers may be behind malware distributed by cryptocurrency trading platform


Reported today on TheNextWeb

For the full article visit: https://thenextweb.com/hardfork/2019/12/04/cryptocurrency-trading-platform-macos-malware-lazarus-north-korea/


Luckily, it doesn’t really do anything though

A new macOS malware packaged by a cryptocurrency trading platform has been uncovered by security researchers. The malware is believed to be the work of notorious North Korean hacking group Lazarus.

Security researcher Dinesh Devadoss tweeted their discovery of the malware yesterday. A detailed analysis of the malware can be read here.

Another #Lazarus #macOS #trojan md5: 6588d262529dc372c400bef8478c2eec hxxps://unioncrypto.vip/

Contains code: Loads Mach-O from memory and execute it / Writes to a file and execute [email protected] @thomasareed pic.twitter.com/Mpru8FHELi

– Dinesh_Devadoss (@dineshdina04) December 3, 2019

The malware masquerades as a cryptocurrency arbitrage platform, a service typically used to take advantage of price discrepancies across other digital asset exchanges.

According to researchers, the malware is designed to retrieve a payload from a remote server and then run it in the infected machine’s memory.

Bleeping Compute