
Fake company pushes phony cryptocurrency app to spread Mac malware

It appears North Korean hackers have revisited a tried-and-true scheme to attack Mac owners who work at cryptocurrency exchanges: creating a fake company and corresponding cryptocurrency trading app that actually infects users with malware.

Researcher Patrick Wardle, creator of OS X security firm Objective-See, reported in a blog post late last week that malicious actors set up a website for a phony crypto firm called JMT Trading, with a link to a GitHub page where visitors could supposedly download a trading app. In reality, however, these users were downloading files laced with malware that was uncovered by researchers at MalwareHunterTeam on Oct. 11.

According to Wardle, the malware allows attackers to remotely execute commands and essentially gain control over Mac systems. At the time it was analyzed, it had zero VirusTotal detections.

The malware, which arrives in a fake installer file named JMTTrader.pkg, appears to be closely related to a program used last year in a similar scheme that was attributed to the North Korea-associated APT actor Lazarus Group, aka Hidden Cobra. Researchers at Kaspersky Lab dubbed that campaign Operation AppleJeus in an August 2018 report. In that instance, the actors distributed malware via a fake cryptocurrency trading app called Celas Trade Pro.

"IMHO, without a doubt, both malware specimens were written by the APT group Lazarus," said Wardle in his blog post. The two operations shared many similarities, he continued, including the use of .pkg malware samples that are "persisted as launch daemons" and "require a single commandline argument in order to execute."
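The persistence traits Wardle lists (a .pkg that installs a launch daemon which expects a single command-line argument) are ones a defender can check for on a Mac. The script below is an added example, not code from the article, Objective-See or Kaspersky: it parses launchd property lists with Python's standard plistlib and flags daemons whose program lives outside Apple-owned paths, that start at boot or are kept alive, or that receive exactly one argument. The two sample plists are constructed, with placeholder labels, paths and argument values that are not taken from the malware described above.

```python
"""Triage launchd property lists for persistence indicators (added example)."""
import plistlib
from pathlib import Path
from xml.parsers.expat import ExpatError

# Constructed sample resembling a daemon a malicious installer package might
# drop. The label, program path and argument are placeholders, not values
# from the article.
SUSPICIOUS_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Label</key><string>com.example.updater</string>
  <key>ProgramArguments</key>
  <array>
    <string>/Library/Application Support/ExampleApp/helper</string>
    <string>PLACEHOLDER_ARGUMENT</string>
  </array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict>
</plist>
"""

# Constructed benign sample for comparison: Apple-owned path, no arguments.
BENIGN_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Label</key><string>com.example.benign</string>
  <key>Program</key><string>/usr/libexec/exampled</string>
</dict>
</plist>
"""

# Locations where Apple ships its own daemons; anything else deserves a look.
APPLE_OWNED_PREFIXES = ("/System/", "/usr/bin/", "/usr/sbin/",
                        "/usr/libexec/", "/Library/Apple/")


def triage_launch_daemon(plist_bytes: bytes) -> dict:
    """Parse one launchd plist and return its label, program, args and findings."""
    data = plistlib.loads(plist_bytes)  # plistlib detects XML vs binary format
    if "ProgramArguments" in data:
        argv = list(data["ProgramArguments"])
    elif "Program" in data:
        argv = [data["Program"]]
    else:
        argv = []
    program = argv[0] if argv else ""
    args = argv[1:]

    findings = []
    if program and not program.startswith(APPLE_OWNED_PREFIXES):
        findings.append("program outside Apple-owned paths")
    if data.get("RunAtLoad"):
        findings.append("RunAtLoad set (starts at boot)")
    if data.get("KeepAlive"):
        findings.append("KeepAlive set (relaunched if it exits)")
    if len(args) == 1:
        findings.append("exactly one command-line argument")
    return {"label": data.get("Label", ""), "program": program,
            "args": args, "findings": findings}


def scan_launch_daemons(directory: str = "/Library/LaunchDaemons") -> list:
    """Triage every .plist in a directory; unparseable files become a finding."""
    results = []
    for path in sorted(Path(directory).glob("*.plist")):
        try:
            result = triage_launch_daemon(path.read_bytes())
        except (OSError, ValueError, plistlib.InvalidFileException, ExpatError) as exc:
            result = {"label": path.name, "program": "", "args": [],
                      "findings": [f"unparseable: {exc}"]}
        result["path"] = str(path)
        results.append(result)
    return results


if __name__ == "__main__":
    for sample in (SUSPICIOUS_PLIST, BENIGN_PLIST):
        print(triage_launch_daemon(sample))
    # On a real Mac, list only the daemons that raised a finding.
    for entry in scan_launch_daemons():
        if entry["findings"]:
            print(entry["path"], entry["findings"])
```

Run it on a Mac to review /Library/LaunchDaemons; user-level persistence lives in ~/Library/LaunchAgents and can be scanned by passing that directory. A finding is a prompt to look at the binary, not a verdict: plenty of legitimate third-party software installs RunAtLoad daemons outside Apple paths.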

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts and video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
