In a desperate bid to stay relevant in 2020's geopolitical upheaval, N. Korea upgrades its Apple Jeus macOS malware
Malware hunters are sounding the alarm over a new, more effective version of the North Korean "Apple Jeus" macOS software nasty.
"To attack macOS users, the Lazarus group has developed homemade macOS malware, and added an authentication mechanism to deliver the next stage payload very carefully, as well as loading the next-stage payload without touching the disk."
The malware uses GitHub to host malicious applications, and its writers have shifted to using Objective-C instead of the Qt framework for the attack code.
The macOS infection has been spotted operating under the names JMTTrading and UnionCryptoTrader, and in addition to proliferating on a number of cryptocoin exchanges, the malware has been spotted in the wild on machines in the UK, Poland, Russia, and China.
"The binary infection procedure in the Windows system differed from the previous case. They also changed the final Windows payload significantly from the well-known Fallchill malware used in the previous attack," the researchers noted.
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/01/08/applejeus_malware_returns/