North Korean Hackers Continue to Target Cryptocurrency Exchanges
2020-01-09 19:50

Over the past year and a half, the North Korea-linked Lazarus group has continued attacks on cryptocurrency exchanges but modified its malware and some techniques, Kaspersky reports.

Kaspersky now says that following Operation AppleJeus, Lazarus continued to employ a similar modus operandi in attacks on cryptocurrency businesses, and that more macOS malware similar to that from the original Operation AppleJeus case was discovered.

While the Windows malware used in the campaign underwent only minor changes, the macOS malware was more heavily modified, Kaspersky says.

Changes from previous attacks include the use of GitHub to host malware, the use of Objective-C instead of the Qt framework, the implementation of a simple backdoor function in the macOS executable, the use of an encryption key similar to the previous case, the use of ADVobfuscator for the Windows version, and a significantly different post-install script for the macOS malware.

"The actor altered their macOS and Windows malware considerably, adding an authentication mechanism in the macOS downloader and changing the macOS development framework. The binary infection procedure in the Windows system differed from the previous case. They also changed the final Windows payload significantly from the well-known Fallchill malware used in the previous attack. We believe the Lazarus group's continuous attacks for financial gain are unlikely to stop anytime soon," Kaspersky concluded.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/L8mxfK8cojU/north-korean-hackers-continue-target-cryptocurrency-exchanges