Researchers have uncovered a new campaign by the infamous Lazarus group which targets cryptocurrency exchanges in order to spread malware to Windows and macOS users.

According to Kaspersky Lab, the new campaign, dubbed AppleJeus, first surfaced in an attack against a cryptocurrency exchange. Based in Asia, the cryptocurrency trading post’s network was infected with a Lazarus Trojan, leading to the distribution of the malware to both Windows and macOS machines.

The team says that the Trojan — which was previously only connected to Windows machine infections — aims to steal cryptocurrency from users.

This is the first time that Lazarus, which is believed to be a state-sponsored North Korean threat group, has been caught distributing malware for Mac machines.

North Korea has also been linked to attacks including the WannaCry ransomware outbreak and bank heists.

See also: Critical remote code execution flaw in Apache Struts exposes the enterprise to attack

Previously, Lazarus has been connected to attacks against South Korean think tanks and other political targets which utilize Windows zero-day vulnerabilities.

Despite the fact that the state-sponsored group has been rewriting old code to create new attacks, they should not be underestimated.

One of the latest targets of interest to the group appears to be cryptocurrency, potentially due to the virtual coins’ worth as a financial asset. Lazarus has already initiated a set of cryptocurrency theft-related schemes, including the use of phishing emails embedded with…