2018-8-28 12:49
It is a never-ending cat-and-mouse game between crypto exchanges and hackers. While exchanges will do their best to secure their clients’ digital assets, hackers will inevitably find some system vulnerability to exploit. Recently, North Korean hacker group Lazarus was reported to have successfully breached an Asia-based crypto exchange, but it is not yet clear whether the incident resulted in any financial loss.
Lazarus Group Deploys First-Ever Mac Malware
North Korea’s Lazarus Group was reported to have just deployed its first Mac malware, according to a report by Bleeping Computer. Unfortunately for crypto holders, Lazarus’ target this time is a cryptocurrency exchange platform based in Asia. But the report failed to identify which exchange was breached by the hackers.
The hack was confirmed by Russian antivirus company Kaspersky Lab via an email, according to the publication. Kaspersky, which analyzed the aftermath of the crypto exchange’s hack, also said that it might have even been Lazarus’ first-ever Mac malware.
Unfortunately, even the Russian antivirus vendor is not yet sure whether any financial loss was involved. In the email, Kaspersky Lab’s Vitaly Kamluk told Bleeping Computer:
“The company was breached successfully, but we are not aware of any financial loss. We assume the threat was contained based on our notification.”
Trojan App Downloaded by Employee
Based on Kaspersky’s investigations, the hack, which was codenamed Operation AppleJeus, was triggered by a trojan. Apparently, an employee of the exchange downloaded a crypto trading app from a legitimate-looking site claiming to be a software firm.
Unfortunately, the app that the crypto exchange employee downloaded was fake. What’s worse is that it contained malware called Fallchill, a remote access trojan that the Lazarus Group deployed back in 2016 for Windows OS. It was the first time that Kaspersky encountered a Mac version of Fallchill.
According to investigators, Lazarus’ method of introducing Fallchill into the targeted system is particularly sneaky. The trojan itself is not embedded in the crypto app, which makes it undetectable at first. Instead, Lazarus made some revisions to the app’s update component, allowing it to download Fallchill at a later date.
While Kaspersky did not identify which crypto exchange was targeted by the AppleJeus hack, it gave out some clues. According to Kamluk, the exchange is not based in South Korea:
“We are aware of waves of attacks on supply chains in South Korea this year, but AppleJeus is unrelated to these attacks. The victim was not located in South Korea.”
Hacker Group Lazarus Breached an Asian Crypto Exchange Via Mac Malware was originally found on [blokt] - Blockchain, Bitcoin & Cryptocurrency News.