AppleJeus: Lazarus group hunts cryptocurrency exchanges using macOS malware
DECCAN CHRONICLE.


Published Sep 2, 2018, 6:25 pm IST

Updated Sep 2, 2018, 6:25 pm IST




The attackers penetrated the network of a cryptocurrency exchange in Asia using Trojanised cryptocurrency trading software.






The goal of the attack was to steal cryptocurrency from their victims. In addition to Windows-based malware, researchers were able to identify a previously unknown version targeting the macOS platform. (Representational image)






Researchers in Kaspersky Lab’s Global Research and Analysis Team (GReAT) have discovered AppleJeus — a new malicious operation by the infamous Lazarus group. The attackers penetrated the network of a cryptocurrency exchange in Asia using Trojanised cryptocurrency trading software. The goal of the attack was to steal cryptocurrency from their victims. In addition to Windows-based malware, researchers were able to identify a previously unknown version targeting the macOS platform.



This is the first case in which researchers have observed the notorious Lazarus group distributing malware that targets macOS users, and it is a wake-up call for everyone who uses this OS for cryptocurrency-related activity.

Based on GReAT’s analysis, the penetration of the cryptocurrency exchange’s infrastructure began when an unsuspecting employee downloaded a third-party application from the legitimate-looking website of a company that develops software for cryptocurrency trading.
The application’s code is not suspicious, with the exception of one component: an updater. In legitimate software such a component downloads new versions of the program. In AppleJeus it acts as a reconnaissance module: it first collects basic information about the computer it has been installed on and sends it to the command-and-control server; if the attackers decide the machine is worth attacking, the malicious code comes back in the form of a software update. That update installs a Trojan known as Fallchill, an older tool the Lazarus group has recently returned to, and this reuse gave the researchers their basis for attribution. Once installed, Fallchill gives the attackers almost unlimited access to the compromised computer, allowing them to steal financial information directly or to deploy additional tools for that purpose.



The situation is worsened by the fact that the attackers built the malware for both Windows and macOS; the latter has historically been targeted far less often than Windows. The functionality of the two versions is identical.



Another unusual feature of the AppleJeus operation is that, although it looks like a supply-chain attack, in which a genuine vendor is compromised, it may not be one. The vendor of the cryptocurrency trading software used to deliver the payload holds a valid code-signing certificate and has legitimate-looking domain registration records. However, at least from publicly available information, the researchers could not identify any real organisation at the address given in the certificate.
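The two paragraphs above describe the whole attack: the application is clean, the update channel delivers the implant, and a valid signing certificate on the vendor side is no evidence that the vendor is trustworthy. The Go program below is an added example, not code from this article, from Kaspersky Lab or from the trading software involved. It contrasts an updater that runs whatever the server returns with one that pins a single release key, binds the signature to the artifact digest and version, and refuses rollbacks, so that "signed by someone with a valid certificate" is never the acceptance criterion. The manifest format, the key handling and the sample artifacts are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Manifest is what an update server returns next to the artifact it offers.
// The format is constructed for this example, not taken from any real product.
type Manifest struct {
	Version   uint64 // release number, expected to only move forward
	SHA256    string // hex SHA-256 of the artifact bytes
	Signature []byte // ed25519 signature over signedBytes(Version, SHA256)
}

var (
	ErrBadSignature = errors.New("manifest not signed by the pinned release key")
	ErrDigest       = errors.New("artifact does not match the digest in the manifest")
	ErrRollback     = errors.New("manifest version is not newer than the installed version")
)

// signedBytes fixes exactly what the release key signs: version and digest
// together, so a genuine signature cannot be reused with a different artifact
// or replayed as a different version.
func signedBytes(version uint64, digest string) []byte {
	return []byte(fmt.Sprintf("v%d:%s", version, digest))
}

// NewKeyPair generates a release key pair. In practice the private half lives
// only in the vendor's release pipeline, never inside the shipped application.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// SignManifest is the vendor side: hash the artifact, sign (version, digest).
func SignManifest(priv ed25519.PrivateKey, version uint64, artifact []byte) Manifest {
	sum := sha256.Sum256(artifact)
	digest := hex.EncodeToString(sum[:])
	return Manifest{Version: version, SHA256: digest, Signature: ed25519.Sign(priv, signedBytes(version, digest))}
}

// InsecureApply models the updater the article describes: whatever the server
// sends back as the "update" is what gets run. Returning the bytes unchanged
// stands in for executing them.
func InsecureApply(serverResponse []byte) []byte {
	return serverResponse
}

// Client is the installed application's side: it pins one specific public key
// (not "any key with a valid certificate") and remembers the installed version.
type Client struct {
	PinnedKey        ed25519.PublicKey
	InstalledVersion uint64
}

// VerifyUpdate releases the artifact for installation only if the manifest is
// signed by the pinned key, the artifact matches the signed digest and the
// version moves forward. Everything else is rejected before any of it runs.
func (c *Client) VerifyUpdate(m Manifest, artifact []byte) ([]byte, error) {
	if !ed25519.Verify(c.PinnedKey, signedBytes(m.Version, m.SHA256), m.Signature) {
		return nil, ErrBadSignature
	}
	sum := sha256.Sum256(artifact)
	if hex.EncodeToString(sum[:]) != m.SHA256 {
		return nil, ErrDigest
	}
	if m.Version <= c.InstalledVersion {
		return nil, ErrRollback
	}
	c.InstalledVersion = m.Version
	return artifact, nil
}

func main() {
	vendorPub, vendorPriv := NewKeyPair()
	client := &Client{PinnedKey: vendorPub, InstalledVersion: 3}
	// Constructed sample artifacts standing in for real update binaries.
	genuine := []byte("trading-app build 4")
	implant := []byte("trading-app build 4 plus implant")

	m := SignManifest(vendorPriv, 4, genuine)
	_, err := client.VerifyUpdate(m, genuine)
	fmt.Println("genuine update:", err)
	// Same signed manifest, swapped artifact: the digest check catches it.
	_, err = client.VerifyUpdate(m, implant)
	fmt.Println("swapped artifact:", err)
	// Signed by some other key, however "valid" that key's certificate may be.
	_, attackerPriv := NewKeyPair()
	_, err = client.VerifyUpdate(SignManifest(attackerPriv, 5, implant), implant)
	fmt.Println("foreign signer:", err)
	fmt.Printf("insecure updater would run: %q\n", InsecureApply(implant))
}
```

The order of the checks matters: the signature is verified before anything in the manifest is trusted, the digest is compared only against a signed value, and the version comparison prevents an attacker who obtains an old, genuinely signed build from pushing it as a downgrade. Pinning the release key also means that a signer who merely holds some CA-issued certificate, as the vendor in this story did, gains nothing.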



The Lazarus group, known for its sophisticated operations and its links to North Korea, is noted not only for cyberespionage and sabotage but also for financially motivated attacks. Several research teams, including Kaspersky Lab’s, have previously reported on the group targeting banks and other large financial institutions.



To protect yourself and your organisation from sophisticated attacks by groups such as Lazarus, do not automatically trust the code running on your systems. Neither an authentic-looking website, nor a solid company profile, nor a valid digital certificate guarantees the absence of a backdoor.

Use a robust security solution with behaviour-based detection, so that previously unknown threats can still be caught.

Subscribe your organisation’s security team to a high-quality threat intelligence service for early access to the latest tactics, techniques and procedures of sophisticated threat actors.

Use multi-factor authentication and hardware wallets for significant financial transactions, preferably from a standalone, isolated computer that is not used for web browsing or email.






The situation was exacerbated by the fact that the criminals have developed software for both the Windows and macOS platform. The latter is generally far less exposed to cyber threats than Windows. The functionality of both platform versions of the malware is exactly the same.



Another unusual thing about the AppleJeus operation is that while it looks like a supply-chain attack, in reality, this may not be the case. The vendor of the cryptocurrency trading software that was used to deliver the malicious payload to the victims’ computers has a valid digital certificate for signing its software and legitimate looking registration records for the domain. However, at least based on publicly available information, researchers could not identify any legitimate organisation located at the address used in the certificate’s information.



Furthermore, the Lazarus group, known for its sophisticated operations and links to North Korea is noted not only for its cyberespionage and cybersabotage attacks but also for financially motivated attacks. A number of researchers, including at Kaspersky Lab, have previously reported on this group targeting banks and other large financial enterprises.



In order to protect yourself and your company from sophisticated cyber attacks from groups such as Lazarus, users are advised to not automatically trust the code running on your systems. Neither an authentic looking website, nor a solid company profile, nor digital certificates guarantees the absence of backdoors.

Users are advised to use a robust security solution, equipped with malicious-behaviour detection technologies that enable even previously unknown threats to be caught.



Subscribe your organisation’s security team to a high-quality threat intelligence reporting service in order to get early access to information on the most recent developments in the tactics, techniques and procedures of sophisticated threat actors.



Use multi-factor authentication and hardware wallets if you are dealing with significant financial transactions. For this purpose, preferably use a standalone, isolated computer that you do not use to browse the internet or read email.



Click on Deccan Chronicle Technology and Science for the latest news and reviews. Follow us on Facebook, Twitter.


end-of

















DECCAN CHRONICLE.


Published <!--  -->Sep 2, 2018, 6:25 pm IST


Updated <!--  -->Sep 2, 2018, 6:25 pm IST






Published <!--  -->Sep 2, 2018, 6:25 pm IST


Updated <!--  -->Sep 2, 2018, 6:25 pm IST




Published <!--  -->Sep 2, 2018, 6:25 pm IST



Updated <!--  -->Sep 2, 2018, 6:25 pm IST




The attackers penetrated the network of a cryptocurrency exchange in Asia using Trojanised cryptocurrency trading software.





The goal of the attack was to steal cryptocurrency from their victims. n addition to Windows-based malware, researchers were able to identify a previously unknown version targeting the macOS platform. (Representational image)<!--
-->

 The goal of the attack was to steal cryptocurrency from their victims. n addition to Windows-based malware, researchers were able to identify a previously unknown version targeting the macOS platform. (Representational image)






Researchers in Kaspersky Lab’s Global Research and Analysis Team (GReAT) have discovered AppleJeus — a new malicious operation by the infamous Lazarus group. The attackers penetrated the network of a cryptocurrency exchange in Asia using Trojanised cryptocurrency trading software. The goal of the attack was to steal cryptocurrency from their victims. In addition to Windows-based malware, researchers were able to identify a previously unknown version targeting the macOS platform.



This is the first case where researchers have observed the notorious Lazarus group distributing malware that targets macOS users, and it represents a wakeup call for everyone who uses this OS for cryptocurrency-related activity.

Based on the analysis by GReAT, the penetration of the stock exchange’s infrastructure began when an unsuspecting company employee downloaded a third-party application from the legitimate looking website of a company that develops software for cryptocurrency trading.






(adsbygoogle = window.adsbygoogle || ).push();


 




The application’s code is not suspicious, with the exception of one component – an updater. In legitimate software, such components are used to download new versions of programs. In the case of AppleJeus, it acts like a reconnaissance module: first it collects basic information about the computer it has been installed on, then it sends this information back to the command and control server and, if the attackers decide that the computer is worth attacking, the malicious code comes back in the form of a software update. The malicious update installs a Trojan known as Fallchill, an old tool that the Lazarus group has recently switched back to. This fact provided the researchers with a base for attribution. Upon installation, the Fallchill Trojan provides the attackers with almost unlimited access to the attacked computer, allowing them to steal valuable financial information or to deploy additional tools for that purpose.



The situation was exacerbated by the fact that the criminals have developed software for both the Windows and macOS platform. The latter is generally far less exposed to cyber threats than Windows. The functionality of both platform versions of the malware is exactly the same.



Another unusual thing about the AppleJeus operation is that while it looks like a supply-chain attack, in reality, this may not be the case. The vendor of the cryptocurrency trading software that was used to deliver the malicious payload to the victims’ computers has a valid digital certificate for signing its software and legitimate looking registration records for the domain. However, at least based on publicly available information, researchers could not identify any legitimate organisation located at the address used in the certificate’s information.



Furthermore, the Lazarus group, known for its sophisticated operations and links to North Korea is noted not only for its cyberespionage and cybersabotage attacks but also for financially motivated attacks. A number of researchers, including at Kaspersky Lab, have previously reported on this group targeting banks and other large financial enterprises.



In order to protect yourself and your company from sophisticated cyber attacks from groups such as Lazarus, users are advised to not automatically trust the code running on your systems. Neither an authentic looking website, nor a solid company profile, nor digital certificates guarantees the absence of backdoors.

Users are advised to use a robust security solution, equipped with malicious-behaviour detection technologies that enable even previously unknown threats to be caught.



Subscribe your organisation’s security team to a high-quality threat intelligence reporting service in order to get early access to information on the most recent developments in the tactics, techniques and procedures of sophisticated threat actors.



Use multi-factor authentication and hardware wallets if you are dealing with significant financial transactions. For this purpose, preferably use a standalone, isolated computer that you do not use to browse the internet or read email.



Click on Deccan Chronicle Technology and Science for the latest news and reviews. Follow us on Facebook, Twitter.


end-of













The goal of the attack was to steal cryptocurrency from their victims. n addition to Windows-based malware, researchers were able to identify a previously unknown version targeting the macOS platform. (Representational image)<!--
-->

 The goal of the attack was to steal cryptocurrency from their victims. n addition to Windows-based malware, researchers were able to identify a previously unknown version targeting the macOS platform. (Representational image)




 The goal of the attack was to steal cryptocurrency from their victims. n addition to Windows-based malware, researchers were able to identify a previously unknown version targeting the macOS platform. (Representational image)



Researchers in Kaspersky Lab’s Global Research and Analysis Team (GReAT) have discovered AppleJeus — a new malicious operation by the infamous Lazarus group. The attackers penetrated the network of a cryptocurrency exchange in Asia using Trojanised cryptocurrency trading software. The goal of the attack was to steal cryptocurrency from their victims. In addition to Windows-based malware, researchers were able to identify a previously unknown version targeting the macOS platform.



This is the first case where researchers have observed the notorious Lazarus group distributing malware that targets macOS users, and it represents a wakeup call for everyone who uses this OS for cryptocurrency-related activity.

Based on the analysis by GReAT, the penetration of the stock exchange’s infrastructure began when an unsuspecting company employee downloaded a third-party application from the legitimate looking website of a company that develops software for cryptocurrency trading.






(adsbygoogle = window.adsbygoogle || ).push();


 




The application’s code is not suspicious, with the exception of one component – an updater. In legitimate software, such components are used to download new versions of programs. In the case of AppleJeus, it acts like a reconnaissance module: first it collects basic information about the computer it has been installed on, then it sends this information back to the command and control server and, if the attackers decide that the computer is worth attacking, the malicious code comes back in the form of a software update. The malicious update installs a Trojan known as Fallchill, an old tool that the Lazarus group has recently switched back to. This fact provided the researchers with a base for attribution. Upon installation, the Fallchill Trojan provides the attackers with almost unlimited access to the attacked computer, allowing them to steal valuable financial information or to deploy additional tools for that purpose.



The situation was exacerbated by the fact that the criminals have developed software for both the Windows and macOS platform. The latter is generally far less exposed to cyber threats than Windows. The functionality of both platform versions of the malware is exactly the same.



Another unusual thing about the AppleJeus operation is that while it looks like a supply-chain attack, in reality, this may not be the case. The vendor of the cryptocurrency trading software that was used to deliver the malicious payload to the victims’ computers has a valid digital certificate for signing its software and legitimate looking registration records for the domain. However, at least based on publicly available information, researchers could not identify any legitimate organisation located at the address used in the certificate’s information.



Furthermore, the Lazarus group, known for its sophisticated operations and links to North Korea is noted not only for its cyberespionage and cybersabotage attacks but also for financially motivated attacks. A number of researchers, including at Kaspersky Lab, have previously reported on this group targeting banks and other large financial enterprises.



In order to protect yourself and your company from sophisticated cyber attacks from groups such as Lazarus, users are advised to not automatically trust the code running on your systems. Neither an authentic looking website, nor a solid company profile, nor digital certificates guarantees the absence of backdoors.

Users are advised to use a robust security solution, equipped with malicious-behaviour detection technologies that enable even previously unknown threats to be caught.



Subscribe your organisation’s security team to a high-quality threat intelligence reporting service in order to get early access to information on the most recent developments in the tactics, techniques and procedures of sophisticated threat actors.



Use multi-factor authentication and hardware wallets if you are dealing with significant financial transactions. For this purpose, preferably use a standalone, isolated computer that you do not use to browse the internet or read email.



Click on Deccan Chronicle Technology and Science for the latest news and reviews. Follow us on Facebook, Twitter.


end-of





(adsbygoogle = window.adsbygoogle || ).push();

















(adsbygoogle = window.adsbygoogle || ).push();









(adsbygoogle = window.adsbygoogle || ).push();










ADVERTISEMENT





(adsbygoogle = window.adsbygoogle || ).push();



ADVERTISEMENT






MOST POPULAR







 

World’s first Hyperloop passenger capsule unveiled


<!-- -->





In 2019, this capsule will be fully optimised and ready for passengers.







 

Scientists decode why too many choices hinder decision making


<!-- -->





The fMRI scans showed brain activity in two regions while the participants were making their choices. (Photo: Pixabay)







 

96 movie review: Vijay Sethupathi shines, Trisha’s best-ever act in must-watch story


<!-- -->





Trisha and Vijay Sethupathi in 96.







 

SBI vows to become plastic free organisation in one year


<!-- -->





State Bank of India (SBI) on the occasion of Mahatma Gandhi's birth anniversary pledged to become a plastic-free organisation in the next 12 months as part of its sustainability commitment. (Photo: PTI)







 

Best budget gaming smartphones in India (October 2018)


<!-- -->





Your phone's performance holds a key to beating the opponents.







 

Viagra may cause irreversible damage to colour vision


<!-- -->





Sildenafil citrate can cause visual disturbances with normal dosage, but symptoms typically resolve within 24 hours.










MOST POPULAR







 

World’s first Hyperloop passenger capsule unveiled


<!-- -->





In 2019, this capsule will be fully optimised and ready for passengers.







 

Scientists decode why too many choices hinder decision making


<!-- -->





The fMRI scans showed brain activity in two regions while the participants were making their choices. (Photo: Pixabay)







 

96 movie review: Vijay Sethupathi shines, Trisha’s best-ever act in must-watch story


<!-- -->





Trisha and Vijay Sethupathi in 96.







 

SBI vows to become plastic free organisation in one year


<!-- -->





State Bank of India (SBI) on the occasion of Mahatma Gandhi's birth anniversary pledged to become a plastic-free organisation in the next 12 months as part of its sustainability commitment. (Photo: PTI)







 

Best budget gaming smartphones in India (October 2018)


<!-- -->





Your phone's performance holds a key to beating the opponents.







 

Viagra may cause irreversible damage to colour vision


<!-- -->





Sildenafil citrate can cause visual disturbances with normal dosage, but symptoms typically resolve within 24 hours.








MOST POPULAR







 

World’s first Hyperloop passenger capsule unveiled


<!-- -->





In 2019, this capsule will be fully optimised and ready for passengers.







 

Scientists decode why too many choices hinder decision making


<!-- -->





The fMRI scans showed brain activity in two regions while the participants were making their choices. (Photo: Pixabay)







 

96 movie review: Vijay Sethupathi shines, Trisha’s best-ever act in must-watch story


<!-- -->





Trisha and Vijay Sethupathi in 96.







 

SBI vows to become plastic free organisation in one year


<!-- -->





State Bank of India (SBI) on the occasion of Mahatma Gandhi's birth anniversary pledged to become a plastic-free organisation in the next 12 months as part of its sustainability commitment. (Photo: PTI)







 

Best budget gaming smartphones in India (October 2018)


<!-- -->





Your phone's performance holds a key to beating the opponents.







 

Viagra may cause irreversible damage to colour vision


<!-- -->





Sildenafil citrate can cause visual disturbances with normal dosage, but symptoms typically resolve within 24 hours.









 

World’s first Hyperloop passenger capsule unveiled


<!-- -->





In 2019, this capsule will be fully optimised and ready for passengers.






 

World’s first Hyperloop passenger capsule unveiled


<!-- -->






In 2019, this capsule will be fully optimised and ready for passengers.





In 2019, this capsule will be fully optimised and ready for passengers.





 

Scientists decode why too many choices hinder decision making


<!-- -->





The fMRI scans showed brain activity in two regions while the participants were making their choices. (Photo: Pixabay)






 

Scientists decode why too many choices hinder decision making


<!-- -->






The fMRI scans showed brain activity in two regions while the participants were making their choices. (Photo: Pixabay)





The fMRI scans showed brain activity in two regions while the participants were making their choices. (Photo: Pixabay)





 

96 movie review: Vijay Sethupathi shines, Trisha’s best-ever act in must-watch story


<!-- -->





Trisha and Vijay Sethupathi in 96.






 

96 movie review: Vijay Sethupathi shines, Trisha’s best-ever act in must-watch story


<!-- -->






Trisha and Vijay Sethupathi in 96.





Trisha and Vijay Sethupathi in 96.





 

SBI vows to become plastic free organisation in one year


<!-- -->





State Bank of India (SBI) on the occasion of Mahatma Gandhi's birth anniversary pledged to become a plastic-free organisation in the next 12 months as part of its sustainability commitment. (Photo: PTI)






 

SBI vows to become plastic free organisation in one year


<!-- -->






State Bank of India (SBI) on the occasion of Mahatma Gandhi's birth anniversary pledged to become a plastic-free organisation in the next 12 months as part of its sustainability commitment. (Photo: PTI)





State Bank of India (SBI) on the occasion of Mahatma Gandhi's birth anniversary pledged to become a plastic-free organisation in the next 12 months as part of its sustainability commitment. (Photo: PTI)





 

Best budget gaming smartphones in India (October 2018)


<!-- -->





Your phone's performance holds a key to beating the opponents.






 

Best budget gaming smartphones in India (October 2018)


<!-- -->






Your phone's performance holds a key to beating the opponents.





Your phone's performance holds a key to beating the opponents.





 

Viagra may cause irreversible damage to colour vision


<!-- -->





Sildenafil citrate can cause visual disturbances with normal dosage, but symptoms typically resolve within 24 hours.






 

Viagra may cause irreversible damage to colour vision


<!-- -->






Sildenafil citrate can cause visual disturbances with normal dosage, but symptoms typically resolve within 24 hours.





Sildenafil citrate can cause visual disturbances with normal dosage, but symptoms typically resolve within 24 hours.




ADVERTISEMENT


<!--
googletag.cmd.push(function() googletag.display("div-gpt-ad-1423809897472-0"); );
-->



ADVERTISEMENT



<!--
googletag.cmd.push(function() googletag.display("div-gpt-ad-1423809897472-0"); );
-->








ADVERTISEMENT


<!--
googletag.cmd.push(function() googletag.display("div-gpt-ad-1423810071219-0"); );
-->



ADVERTISEMENT



<!--
googletag.cmd.push(function() googletag.display("div-gpt-ad-1423810071219-0"); );
-->

















More From Other News





Vivaldi browser upgraded to version 2.0


<!-- 13 Jul 2015 2:11 PM IST -->




Users can overhaul the browser to their needs by modifying how the browser looks with the layout.







Qualcomm accuses Apple of stealing its secrets to help Intel


<!-- 13 Jul 2015 2:11 PM IST -->




(Representational image)







Google to acknowledge privacy mistakes as US seeks input


<!-- 13 Jul 2015 2:11 PM IST -->




Google’s written testimony did not identify specific prior mistakes but the company has come under fire for privacy issues. (Photo: AP)







Google to allow certain cryptocurrency ads in US, Japan


<!-- 13 Jul 2015 2:11 PM IST -->




Google’s action follows a similar move by Facebook. (Representational image)







Apple, Salesforce teaming up on mobile apps for business


<!-- 13 Jul 2015 2:11 PM IST -->




The companies say that millions of developers would be able to build their own apps through the new Salesforce Mobile SDK for iOS.









Vivaldi browser upgraded to version 2.0


<!-- 13 Jul 2015 2:11 PM IST -->




Users can overhaul the browser to their needs by modifying how the browser looks with the layout.






Vivaldi browser upgraded to version 2.0


<!-- 13 Jul 2015 2:11 PM IST -->





Users can overhaul the browser to their needs by modifying how the browser looks with the layout.




Users can overhaul the browser to their needs by modifying how the browser looks with the layout.





Qualcomm accuses Apple of stealing its secrets to help Intel


<!-- 13 Jul 2015 2:11 PM IST -->




(Representational image)






Qualcomm accuses Apple of stealing its secrets to help Intel


<!-- 13 Jul 2015 2:11 PM IST -->





(Representational image)




(Representational image)





Google to acknowledge privacy mistakes as US seeks input


<!-- 13 Jul 2015 2:11 PM IST -->




Google’s written testimony did not identify specific prior mistakes but the company has come under fire for privacy issues. (Photo: AP)






Google to acknowledge privacy mistakes as US seeks input


<!-- 13 Jul 2015 2:11 PM IST -->





Google’s written testimony did not identify specific prior mistakes but the company has come under fire for privacy issues. (Photo: AP)




Google’s written testimony did not identify specific prior mistakes but the company has come under fire for privacy issues. (Photo: AP)





Google to allow certain cryptocurrency ads in US, Japan


<!-- 13 Jul 2015 2:11 PM IST -->




Google’s action follows a similar move by Facebook. (Representational image)






Google to allow certain cryptocurrency ads in US, Japan


<!-- 13 Jul 2015 2:11 PM IST -->





Google’s action follows a similar move by Facebook. (Representational image)




Google’s action follows a similar move by Facebook. (Representational image)





Apple, Salesforce teaming up on mobile apps for business


<!-- 13 Jul 2015 2:11 PM IST -->




The companies say that millions of developers would be able to build their own apps through the new Salesforce Mobile SDK for iOS.






Apple, Salesforce teaming up on mobile apps for business


<!-- 13 Jul 2015 2:11 PM IST -->





The companies say that millions of developers would be able to build their own apps through the new Salesforce Mobile SDK for iOS.




The companies say that millions of developers would be able to build their own apps through the new Salesforce Mobile SDK for iOS.




ADVERTISEMENT


<!--
googletag.cmd.push(function() googletag.display("div-gpt-ad-1423810244263-0"); );
-->



ADVERTISEMENT



<!--
googletag.cmd.push(function() googletag.display("div-gpt-ad-1423810244263-0"); );
-->






ADVERTISEMENT


<!--
googletag.cmd.push(function() googletag.display("div-gpt-ad-1423810531536-0"); );
-->



ADVERTISEMENT



<!--
googletag.cmd.push(function() googletag.display("div-gpt-ad-1423810531536-0"); );
-->



















Designed, Developed & Maintained By Daksham
























Designed, Developed & Maintained By Daksham













The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP

Popular posts from this blog

How to make file upload 'Required' in Contact Form 7?

Rothschild family

amazon EC2 - How to make wp-config.php to writable?