Lazarus Group, the North Korean hackers who hacked Sony Films a few years back, have deployed their first Mac malware ever, according to Russian antivirus vendor Kaspersky Lab.
In a report shared with Bleeping Computer in advance, Kaspersky researchers reveal that Lazarus Group penetrated the IT systems of an Asia-based cryptocurrency exchange platform.
The hack of this platform was not reported in the media as of yet, a Kaspersky spokesperson told Bleeping Computer.
“The company was breached successfully, but we are not aware of any financial loss,” Vitaly Kamluk, Head of GReAT APAC at Kaspersky Lab told Bleeping Computer via email today. “We assume the threat was contained based on our notification.”
Exchange hacked after employee downloads trojanized app
The hack, which Kaspersky Lab analyzed under the codename of Operation AppleJeus, took place after one of the exchange’s employees downloaded an app from a legitimate-looking website that claimed to be from a company that develops cryptocurrency trading software.
But the app was a fake and infected with malware. On Windows, the app downloaded and infected users with Fallchill, a remote access trojan (RAT) known to be associated with the Lazarus Group since at least 2016, when it was deployed for the first time in live campaigns.
But unlike previous Lazarus operations, the hackers also deployed a Mac malware strain, something they have not done before. The malware was hidden inside the Mac version of the same cryptocurrency trading software.
Experts say that both the Windows and Mac malware wasn’t visible inside the tainted app. Lazarus operators…