No system is foolproof, and this has been proven many times for cryptocurrency-related services or platforms. The infamous North Korean hackers called, Lazarus Group, has penetrated the security of an Asian cryptocurrency exchange.
While it has yet to be disclosed if an financial losses have been incurred, Lazarus Group, has accomplished its own innovative feat by deploying a Mac malware strain. The Mac app for the crypto exchange held the hidden malware.
Kasperski Lab, a Russian antivirus company, validated that the exchange was hacked after analyzing the data. Vitaly Kamluk, Head of APAC at Kaspersky Lab reported to computer help site Bleeping Computer:
“The company was breached successfully, but we are not aware of any financial loss. We assume the threat was contained based on our notification.”
Operation AppleJeus, was the codename for the hack, and was discovered by chance when an employee downloaded the app from what seemed to be a legitimate website, when the employee’s antivirus sounded off with a Trojan alert. The app also contained Fallchill, a malware that allowed a remote access Trojan (developed for Windows), which was created by Lazarus back in 2016.
Lazarus was also innovative in their approach with the hack, since the trojanized app was signed by a valid digital certificate, allowing the tainted app to bypass security scans. The officials over at Kaspersky stated that the digital certificate was actually issued by a firm that may not even exist.
Kamluk said to Bleeping Computer:
“The fact that they developed malware to infect macOS users in addition to Windows users and – most likely – even created an entirely fake software company and software product in order to be able to deliver this malware undetected by security solutions, means that they see potentially big profits in the whole operation, and we should definitely expect more such cases in the near future.”
The cryptocurrency exchange that was compromised by the hackers has yet to be named, however Kamluk did disclose:
“We are aware of waves of attacks on supply chains in South Korea this year, but AppleJeus is unrelated to these attacks. The victim was not located in South Korea.”