North Korean hackers target Windows and Mac platforms in exchange attack
Kaspersky Lab has confirmed that North Korean hackers targeted both Windows and Mac operating systems with new malware, infecting a crypto exchange. The name of the exchange was not confirmed. According to Kaspersky Lab, the hackers are the notorious Lazarus Group.
The campaign came to light while the anti-virus company was investigating an attack on a cryptocurrency exchange. The unnamed victim had been infected through a trojanized cryptocurrency trading app, recommended to the company through an email.
“It turned out,” said Kaspersky, “that an unsuspecting employee of the company had willingly downloaded a third-party application from a legitimate looking website and their computer had been infected with malware known as Fallchill, an old tool that Lazarus has recently switched back to.”
macOS also vulnerable
Kaspersky says the attackers went “the extra mile” and also developed malware for other platforms, including macOS.
“A version for Linux is apparently coming soon, according to the website. It’s probably the first time we see this APT group using malware for macOS. The fact that the Lazarus group has expanded its list of targeted operating systems should be a wake-up call for users of non-Windows platforms.”
Lazarus’ earliest attack was “Operation Troy”, which took place from 2009 to 2012. Lazarus is also thought to have been behind an attack on Sony Pictures in 2014.
North Korean hackers managed to steal US$7m from South Korean exchange Bithumb in February 2017.