North Korean hackers target Windows and Mac platforms in exchange attack

August 23, 2018
Chris Wheal

Kaspersky Lab has confirmed that North Korean hackers targeted both Windows and Mac operating systems with new malware in an attack that infected a crypto exchange. The name of the exchange was not confirmed. Kaspersky Lab attributes the attack to the notorious Lazarus Group.

Unwelcome discovery

The move came to light while the anti-virus company was investigating a cryptocurrency exchange attack. The unnamed victim had been infected through a trojanized cryptocurrency trading app that was recommended to the company by email.

Beware of Fallchill – Lazarus are returning to an old stamping ground

“It turned out,” said Kaspersky, “that an unsuspecting employee of the company had willingly downloaded a third-party application from a legitimate-looking website and their computer had been infected with malware known as Fallchill, an old tool that Lazarus has recently switched back to.”

macOS also vulnerable

Kaspersky says the attackers went “the extra mile” and then also developed malware for other platforms, including for macOS. 

Lazarus is thought to have previous form with Sony Pictures

“A version for Linux is apparently coming soon, according to the website. It’s probably the first time we see this APT group using malware for macOS. The fact that the Lazarus group has expanded its list of targeted operating systems should be a wake-up call for users of non-Windows platforms.”

Lazarus’ earliest attack was “Operation Troy”, which took place from 2009–2012. It’s thought Lazarus was behind an attack on Sony Pictures in 2014.

North Korean hackers managed to steal US$7m from South Korean exchange Bithumb in February 2017.

Post written by Chris Wheal
Chris Wheal is editor of OpenLedger's news and features service. An award-winning business journalist himself, he runs a team of freelance journalists from across the UK and North America.
