Apple users targeted by state cyber-criminals who've developed macOS Trojan - SC Magazine UK


"It makes sense to me that Lazarus would try its hand at macOS," Ian Thornton-Trump, cyber threat intelligence expert and CompTIA global faculty member, told SC Media UK, adding, "it's a popular OS and is found in use by high value targets."


The Lazarus Group, an APT actor commonly attributed to the North Korean government, has been active for a decade. Whereas we most commonly associate APT state players with cyber-espionage activity, the Lazarus Group is firmly in the cyber-crime camp. It serves the state by looking to make financial gain in order to circumvent the economic sanctions imposed upon the regime. A common target has been the crypto-currency exchange business, and Apple users now appear to be centred in those high value target cross-hairs. 


According to an analysis by respected security researcher Patrick Wardle, the Lazarus Group has surfaced this time around with a fileless malware threat aimed squarely at macOS. After being alerted to the threat by a Twitter posting from Dinesh Devadoss, which included an MD5 hash and a URL, Wardle was able to examine the infection mechanism of this latest Lazarus Group threat in detail. The fileless threat carries all the markings of a first-stage Lazarus Group 'implant' and could "remotely download and execute payloads directly from memory," according to Wardle.

Despite having a very low detection rate on VirusTotal, all but non-existent when Wardle carried out his analysis earlier this week, the UnionCryptoTrader malware sample could be very nasty were it to get used in the wild. Luckily, that appea ..
