According to research published on Sunday, hackers who are said to be sponsored by North Korea have found a novel way to attack Apple computers.
The popular Lazarus Group, which is considered by the U.S. government and many cybersecurity companies to be sponsored by North Korea, are trying to get into Macs by using some fake cryptocurrency software developed by a front company.
Apple Mac security specialist and principal security researcher at Jamf Patrick Wardle explains how it works:
“The hackers created a fake company complete with an official-looking website. In this latest case, the North Koreans set up the front company, JMT Trading.”
After that, they wrote an open-source cryptocurrency trading application and uploaded it on the code-sharing site GitHub. However, there was malware hidden within the code, and when downloaded onto a targeted PC, it would give the hacker the ability to do anything they wanted on the Mac.
As Wardle writes in a blog post:
“The ability to remotely execute commands clearly gives a remote attacker full and extensible control over the infected macOS system.”
The latest attack on macOS follows a modus operandi that is similar to a previous campaign found by Russin cybersecurity firm Kaspersky in August 2018. At that time, again, a front company – Celas LLC – was created to target the cryptocurrency sector.
“Do you have to worry about getting infected? Probably not, unless you’re an employee working at a cryptocurrency exchange,” Patrick Wardle said.