Lazarus group hunts cryptocurrency exchanges using macOS malware
AppleJeus is a new malicious operation by the infamous Lazarus group.
Researchers in Kaspersky Lab's Global Research and Analysis Team (GReAT) have discovered AppleJeus - a new malicious operation by the infamous Lazarus group. The attackers penetrated the network of a cryptocurrency exchange in Asia using Trojanized cryptocurrency trading software.
The goal of the attack was to steal cryptocurrency from their victims. In addition to Windows-based malware, researchers were able to identify a previously unknown version targeting the macOS platform. This is the first case where Kaspersky Lab researchers have observed the notorious Lazarus group distributing malware that targets macOS users, and it represents a wakeup call for everyone who uses this OS for cryptocurrency-related activity.
Based on the analysis by GReAT, the penetration of the exchange's infrastructure began when an unsuspecting company employee downloaded a third-party application from the legitimate-looking website of a company that develops software for cryptocurrency trading.
The application's code is not suspicious, with the exception of one component - an updater. In legitimate software, such components are used to download new versions of programs. In the case of AppleJeus, it acts like a reconnaissance module: first it collects basic information about the computer it has been installed on, then it sends this information back to the command and control server and, if the attackers decide that the computer is worth attacking, the malicious code comes back in the form of a software update.
The malicious update installs a Trojan known as Fallchill, an old tool that the Lazarus group has recently switched back to. This fact provided the researchers with a base for attribution. Upon installation, the Fallchill Trojan provides the attackers with almost unlimited access to the attacked computer, allowing them to steal valuable financial information or to deploy additional tools for that purpose.
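The two-phase behaviour described above (a host profile uploaded first, then an executable returned as an "update") is something a defender can look for in egress logs. The detector below is an added example, not code from the article or from Kaspersky Lab; the log format, process names, host names and byte counts are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed proxy-log format (assumption, not a real product's format):
# <timestamp> proc=<process> method=<GET|POST> host=<host> bytes_out=<n> ctype_in=<content-type>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) proc=(?P<proc>\S+) method=(?P<method>GET|POST) "
    r"host=(?P<host>\S+) bytes_out=(?P<out>\d+) ctype_in=(?P<ctype>\S+)$"
)

# Content types that indicate a native executable was delivered to the client.
EXEC_TYPES = {"application/x-mach-binary", "application/x-msdownload",
              "application/octet-stream"}

# Constructed sample lines: one updater that uploads a sizeable profile and then
# receives a Mach-O binary, one that only does a small version check, one OS
# updater that only downloads, and ordinary browsing.
SAMPLE_LOG = """\
2000-01-01T09:00:01 proc=tradingupdater method=POST host=updates.vendor.invalid bytes_out=1432 ctype_in=text/plain
2000-01-01T09:00:07 proc=tradingupdater method=GET host=updates.vendor.invalid bytes_out=0 ctype_in=application/x-mach-binary
2000-01-01T09:00:30 proc=chatclient method=POST host=dl.chat.invalid bytes_out=40 ctype_in=text/plain
2000-01-01T09:00:31 proc=chatclient method=GET host=dl.chat.invalid bytes_out=0 ctype_in=application/octet-stream
2000-01-01T09:01:00 proc=Safari method=GET host=news.site.invalid bytes_out=0 ctype_in=text/html
2000-01-01T09:02:00 proc=softwareupdated method=GET host=swscan.os.invalid bytes_out=0 ctype_in=application/octet-stream
""".splitlines()


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    entry = m.groupdict()
    entry["out"] = int(entry["out"])
    return entry


def find_recon_then_payload(lines, min_upload=200):
    """Return (process, host) pairs where a process POSTed at least min_upload
    bytes to a host and afterwards received an executable from that same host.
    The threshold keeps small version-check POSTs from triggering."""
    uploaded = defaultdict(int)   # (proc, host) -> bytes POSTed so far
    hits = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        key = (e["proc"], e["host"])
        if e["method"] == "POST":
            uploaded[key] += e["out"]
        elif e["ctype"] in EXEC_TYPES and uploaded[key] >= min_upload:
            if key not in hits:
                hits.append(key)
    return hits
```

On the constructed sample only `tradingupdater` is flagged; the OS updater that merely downloads, and the client that sends a 40-byte version check, are not.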
The situation was exacerbated by the fact that the criminals had developed software for both the Windows and macOS platforms. The latter is generally far less exposed to cyberthreats than Windows. The functionality of both platform versions of the malware is exactly the same.
Another unusual thing about the AppleJeus operation is that while it looks like a supply-chain attack, in reality this may not be the case. The vendor of the cryptocurrency trading software that was used to deliver the malicious payload to the victims' computers has a valid digital certificate for signing its software and legitimate-looking registration records for the domain.
However, at least based on publicly available information, Kaspersky Lab researchers could not identify any legitimate organization located at the address used in the certificate's information.
In order to protect yourself and your company from sophisticated cyberattacks from groups like Lazarus, Kaspersky Lab security experts advise the following:
- Do not automatically trust the code running on your systems. Neither an authentic-looking website, nor a solid company profile, nor digital certificates guarantee the absence of backdoors.
- Use a robust security solution, equipped with malicious-behavior detection technologies that enable even previously unknown threats to be caught.
- Subscribe your organization's security team to a high-quality threat intelligence reporting service in order to get early access to information on the most recent developments in the tactics, techniques, and procedures of sophisticated threat actors.
- Use multi-factor authentication and hardware wallets if you are dealing with significant financial transactions. For this purpose, preferably use a standalone, isolated computer that you do not use to browse the internet or read email.