
macOS users targeted by new Lazarus attack

(Image credit: David McBee / Pexels)

If you’re into cryptocurrency trading, you might want to pay attention: new malware is making the rounds, stealing people’s money from crypto exchanges.

And no, macOS is not safe either; there’s a version for Apple’s operating system as well. Researchers from Kaspersky Lab’s Global Research and Analysis Team (GReAT) announced that they have discovered malware dubbed AppleJeus.

In essence, it is a Trojan, but it works on an interesting principle. The program that the victim initially downloads isn’t malicious. At first, it looks legit, and its (fake) goal is to provide cryptocurrency trading services. However, in the background it collects data on the system, and if it deems the system a good target, an ‘updater’ turns on, installing the malicious code as an update.

The update installs the Fallchill Trojan, allegedly belonging to the infamous Lazarus group. Fallchill provides the attackers with unlimited access to the attacked computer. Basically, your bitcoin becomes their bitcoin.

Kaspersky says this is the first time Lazarus has targeted macOS users as well. “It represents a wakeup call for everyone who uses this OS for cryptocurrency-related activity,” it says.

The company also says that this isn’t a supply-chain attack, even though it seems so at first glance.

“We noticed a growing interest of the Lazarus Group in cryptocurrency markets at the beginning of 2017, when Monero mining software was installed on one of their servers by a Lazarus operator,” notes Vitaly Kamluk, Head of GReAT APAC team at Kaspersky Lab.

“Since then, they have been spotted several times targeting cryptocurrency exchanges alongside regular financial organizations. The fact that they developed malware to infect macOS users in addition to Windows users and – most likely – even created an entirely fake software company and software product in order to be able to deliver this malware undetected by security solutions, means that they see potentially big profits in the whole operation, and we should definitely expect more such cases in the near future. For macOS users this case is a wakeup call, especially if they use their Macs to perform operations with cryptocurrencies.”


Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years’ experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. His work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.