Yet another piece of malware has reportedly been developed by the North Korean cyber attack group known as Lazarus APT.

What’s interesting about this malware is that it specifically targets Apple Macs while hiding behind several fake crypto firms.

This development didn’t go unnoticed: Patrick Wardle, the Apple Mac security specialist, published a detailed blog post describing the nature of the malware last week.

The malware was initially reported by the MalwareHunter Team the day before.

According to Wardle and MalwareHunter, users need to be incredibly careful, since at the time of their publication none of the engines on VirusTotal detected the malware.

Additionally, it appears that the malware is very closely related to the malware created by the same Lazarus Group and first detected by Kaspersky Labs last year.

Lazarus APT is using tactics that experts are familiar with

In the same fashion as with the previous strain of malware, the attackers have created a fake crypto company, or a few of them. According to the initial reports, there seems to be more than one, but the one seen most often seems to be “JMT Trading”.

After the fake crypto company is created, the attackers also develop an open-source crypto trading app and upload its code to GitHub, with the malware carefully concealed within.

Wardle mentioned that open-source security tools and manual detection processes by alerted users should be perfectly able to detect the malware. He warned, however, that VirusTotal engines seemed to be missing the malware completely. According to him, the most likely targets of the malware are not users of crypto exchanges, but rather their employees.
