It appears hackers sponsored by North Korea discovered a new method of hacking macOS users.
North Korea is at it at again, hacking that is. It appears hackers sponsored by North Korea discovered a new method of hacking macOS users. As Forbes reports, the “so-called” Lazarus Group is partially funded by the North Korean government and are now using fake cryptocurrency software with a front company to do it.
Now, of course, this doesn’t mean that every macOS user is at risk but it does show that even Apple devices can be hacked. You truly don’t have to worry much about this one, unless you’re heavy into cryptocurrency trading and frequent cryptocurrency websites. It’s just a matter of taking extreme caution when navigating those websites.
Here’s how it worked, according to Apple Mac security specialist and principal security researcher at Jamf Patrick Wardle: the hackers created a fake company complete with an official-looking website. In this latest case, the North Koreans set up the front company, JMT Trading.
They then wrote an open-source cryptocurrency trading app and put it up on the code-sharing site GitHub. Hidden within that code, though, was malware that, if downloaded onto a target Apple PC, would give the hacker the ability to do anything they wanted on the Mac. As Wardle put it in a blog post: “The ability to remotely execute commands clearly gives a remote attacker full and extensible control over the infected macOS system.”
The hackers may then go a step further by contacting administrators and users of cryptocurrency exchanges, asking them to test and review their new app, Wardle told Forbes. If they get lucky, they get a bit of leverage in an official cryptocurrency vendor and start infecting targets.
Forbes reports that North Korea has been successfully breaking into cryptocurrency accounts and making as much as $2 billion with the hacks they’ve been performing. Forbes also reports that at least some of the money North Korea has taken is helping its weapons of mass destruction program.