New Malware Piggybacks Crypto Trading App to Target Exchanges

New Malware Piggybacks Crypto Trading App to Target Exchanges
фото показано с : blokt.com

2018-8-28 18:02

Same threat, a new package and a modified modus operandi — that’s probably the best way to describe the new “AppleJeus” malware. It is engineered to stealthily infiltrate macOS systems, disguised as a legitimate trading app, and will wreak havoc if they deem the infected machines worth pursuing.

According to the experts at Kaspersky Lab’s Global Research and Analysis Team (GReAT), “Operation AppleJeus” is a handiwork of the Lazarus Group, a notorious hackers-collective with alleged ties to the North Korean government. The group is believed to be behind a number of high-profile breaches in the past and is known to be motivated by financial objectives.

New Malware by Lazarus Group Targets macOS

The researchers at GReAT came across AppleJeus while investigating a security breach in a cryptocurrency exchange. Upon further analysis, they figured that the malware has been designed specifically to attack systems running Apple’s macOS. One of the primary targets of the malware seems to be cryptocurrency exchanges.

Considering that it is the first-of-its-kind malware by Lazarus Group that specifically targets macOS, it is very likely that the group might be trying to move on to a much broader range of target platforms. There could also be a Linux variant of AppleJeus, the GReAT report noted. If true, this would imply that the infamous hackers-collective is focusing on building different versions of the same malware to minimize compatibility issues and maximize damage.

Kaspersky Labs has cautioned that this should be treated as a wake-up call by all non-Windows platforms.

A Well-Disguised Threat

The most alarming aspect about AppleJeus is that it piggybacks on a seemingly legitimate trading app called Celas Trade Pro. The publisher of the app, Celas Limited, has a valid digital certificate to sign software and legit-looking registration details for its domain.

However, further investigation revealed that the address provided by the company is actually bogus and doesn’t host any business by the name of Celas Limited. That was possibly the first major clue, and as the researchers looked at Celas Trade Pro’s code, they found something even more unsettling.

How Does AppleJeus Infect Its Targets?

According to the report, once a user downloads and installs Celas Trade Pro on their computer running macOS, the app stealthily installs a hidden “autoupdater.”

Now, autoupdaters are a fairly common module in most apps. Usually, they are tasked with automatically searching for and downloading newer versions of the app with appropriate user permission.

However, in the case of Celas Trade Pro, the autoupdater is specifically programmed to collect information about the host machine before transmitting the data to a command-and-control server.

The perpetrators then intercept the data and analyze it to decide if the infected machine is worth their time. If they find it “interesting” enough, the next step involves the app secretly downloading a trojan program called FallChill. If immediate remedial steps are not taken, FallChill can provide the attackers with a practically limitless access to the infected machine, enabling them to get away with valuable financial data (or any other kind of data they want, for that matter).

New Malware Piggybacks Crypto Trading App to Target Exchanges was originally found on [blokt] - Blockchain, Bitcoin & Cryptocurrency News.

Similar to Notcoin - Blum - Airdrops In 2024

origin »

Time New Bank (TNB) на Currencies.ru

$ 0 (+0.00%)
Объем 24H $0
Изменеия 24h: 0.00 %, 7d: 0.01 %
Cегодня L: $0 - H: $0
Капитализация $0 Rank 99999
Цена в час новости $ 0.0126312 (-100%)

new malware app trading exchanges crypto piggybacks

new malware → Результатов: 41


Фото:

New Malware Sheds Light on How Cryptocurrency Exchanges Get Hacked

Ever wondered how cryptocurrency exchanges get hacked? Well, a new malware attempt by a North Korean hacking group might reveal some of what goes into such an attack. The new malware operates under the guise of a client-side trading software called “JTM Trading Software” and appears to be operated by the infamous North Korean Lazarus […] The post New Malware Sheds Light on How Cryptocurrency Exchanges Get Hacked appeared first on BeInCrypto.

2019-10-16 08:17


Фото:

As Crypto ATMs Gain Popularity, Hackers Are Peddling Malware Targeting the Machines

Observant people living in major urban centers might have noticed by now a new type of ATM popping up. These are called cryptocurrency ATMs, and they do not need cards to operate. They are in place to cater to the need of some crypto holders who want to quickly exchange some of their digital coins […] As Crypto ATMs Gain Popularity, Hackers Are Peddling Malware Targeting the Machines was originally found on [blokt] - Blockchain, Bitcoin & Cryptocurrency News.

2018-8-9 16:00


New Mining Malware threatens crypto-world – ZombieBoy

Earlier this week, the presence of a new crypto mining malware was discovered named ZombieBoy. This malware started mining initially at $1000 per month. The existence of this threat was revealed by a Private security researcher, James Quinn Tweet by Latest Hacking News: “ZombieBoy: New Crypto-Mining Malware Exploits Multiple CVEs” ZombieBoy was named after its use […]

2018-8-4 20:57


PowerGhost, the latest Cryptomining malware discovered by Kaspersky

Kaspersky researchers have recently discovered a new cryptojacking campaign named PowerGhost that aims at infecting corporate networks worldwide in order to generate maximum mining profits. Cryptomining malware refers to software programs and malware components that are developed to forcefully take over a computer’s resources and adopt them for cryptocurrency mining without a user’s approval. The cryptojacking […]

2018-7-29 04:55


Фото:

Kapersky Reports New Crypto Mining Malware Targeting Corporate Networks

Researchers at Kaspersky Lab have uncovered a new form of cryptojacking malware targeting corporations in multiple countries, the cybersecurity firm reported Thursday. PowerGhost, a form of fileless malware – which uses a system’s native processes to hijack a computer – has reportedly been spreading on corporate networks in India, Brazil, Colombia and Turkey. The miner

2018-7-27 22:38


Фото:

Report: 2.3 Million Bitcoin biodatas Focused on by Malware That ‘Hijacks’ Windows Clipboard

A new attack on Bitcoin users which gains control of Windows clipboard to swap out addresses is already monitoring 2.3 million targets, sources reported June 30. The malware, part of a family of threats known as “clipboard hijackers,” secretly gains control of memory, running in the background to ensure users do not notice its presence.

2018-7-2 20:18


Фото:

Cryptojacking Up 629% in Q1 2018, Says McAfee Report ‘Infect and Collect’

Cryptojacking malware activity rose a staggering 629 percent in the first quarter of 2018, according to a new report published by cyber security firm McAfee Labs June 27. Cryptojacking is the practice of using a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge. The McAfee Labs Threats Report for June

2018-6-29 16:27