News

The north Korean hackers are suspected of making Mac malware

File photo A North Korean flag flies on a mast at the Permanent Mission of North Korea in Geneva October 2, 2014. (REUTERS/Denis Balibouse/File Photo)

Mac users caution. The north Korean hackers seem to be, the development of malware that can infect your computer.

Security company Kaspersky Lab discovered the

macOS-based
malware during the investigation of a hack on an unnamed cryptocurrency exchange in Asia. The fight was coming back to an e-mail convinced that an employee of the company for the download of a third-party app for the trade in virtual currencies.

Unfortunately, the app is a Trojan in disguise. According to Kaspersky, it contained a malware strain known as

Fallchill
that is linked to a notorious North Korean hacking group called Lazarus. Once infected,

Fallchill
can secretly take over your computer to steal data or install malicious code.

The app comes from an american company called Celas, which specializes in secure “blockchain solutions” for the corporate market. If you install the update, the program does not do what is harmful. However, Kaspersky Lab noticed that it can update itself and the delivery of the

Fallchill
malware on your computer.

More From PCmag

  • Support OUR National Parks, by the Use of Apple Pay

  • Offers: Online Coding Courses, Core i7 Desktop, 4K TV

  • Facebook Doesn’t Allow Personality App, Suspends 400 Others

  • Walmart Teams up With Kobo for the Ebook Store, Audiobook Service

“(The updater) works as an exploration of the module: first, information is collected about the computer is installed, then it sends this information back to the command and control server,” Kaspersky Lab said. “If the attackers decide that the computer is worth the attacks of the malicious code comes back in the form of a software update.”

The Trojan, which hit the cryptocurrency exchange is installed on a PC. But during its research, Kaspersky found that the hackers had developed a Windows and Mac version of the app, both of which are of the hidden auto-updater.

“This is the first case where Kaspersky Lab researchers have observed that the infamous Lazarus group spread malware that targets mac users, and it represents a wake-up call for anyone who uses this OPERATING system for cryptocurrency-related activity,” the security company said.

As for Celas, Kaspersky suspects that it is a fake company created by the North Koreans. The person who registered the Celas website domain paid for the use of Bitcoin, and uses a ramen shop in Chicago as its physical address. The Celas site is currently down, and will not respond to a request for comment.

In the past few months, several hacking attempts on cryptocurrency stock exchanges and the banks are to blame on the Lazarus group. A tactic that involved trying to trick Bitcoin experts in the installation of malware through phishing emails that pretend to offer job positions. To protect yourself, not downloading apps from little-known vendors.

“Not automatically trust the code running in your system,” Kaspersky Lab said. “Neither good-looking website, nor solid profile of the company nor the digital certificates

warranty
the absence of backdoors. Trust must be earned and proven.”

This article originally appeared on PCMag.com.

Follow us

Don't be shy, get in touch. We love meeting interesting people and making new friends.

Most popular