On 8 January, Securelist reported that the notorious hacker group Lazarus, alleged to be a North Korean state-sponsored group, is back with its AppleJeus attack and is now targeting macOS users with homemade macOS malware.
The report says that the Lazarus Group is also targeting Windows users and is developing increasingly clever ways to avoid detection while continuing to compromise cryptocurrency businesses.
The news adds to the growing list of recent activities indicating that North Korea is determined to use cryptocurrencies to raise funds and evade sanctions.
Lazarus Operation AppleJeus Is Stealthier and Harder to Detect
The group is known to target crypto by implanting malware and using fake crypto websites to gain access to personal and business cryptocurrency accounts. This time, AppleJeus is using malware that runs only in memory rather than being written to the hard drive, which helps it avoid detection.
The group is still using fake crypto exchanges to lure investors, in the same way its 2018 campaign did. By using trojanized cryptocurrency trading applications, the group was able to infect the computers of users who installed programs from direct download links sent to their email addresses.
Hackers Are Using Telegram to Target Their Victims
Kaspersky’s security experts show how the group is taking advantage of Telegram to infect user accounts. The fake company websites direct users via links to fake trading groups on Telegram, where the hackers lie in wait to victimize crypto investors.
Apart from using fake Telegram groups, the Lazarus hackers are also using the messaging app to deliver a malicious payload that infects Microsoft’s operating system. Once the OS is infected, the hackers gain remote access and can easily clean out cryptocurrencies from the victim’s accounts.
Kaspersky confirmed that fraudsters targeting folks in Europe and China seem to be going for crypto businesses that have more cryptocurrency for the taking.
Security Experts Warn That Hackers Show No Sign of Slowing Down
Kaspersky’s experts stated:
“We believe the Lazarus group’s continuous attacks for financial gain are unlikely to stop anytime soon. Since the initial appearance of Operation AppleJeus, we can see that over time the authors have changed their modus operandi considerably. We assume this kind of attack on cryptocurrency businesses will continue and become more sophisticated.”
North Korea has recently been doubling its efforts to use cryptocurrency to raise funds for its alleged illegal nuclear weapons program. Apart from stealing and mining cryptocurrencies, there are unconfirmed claims that the country is planning to develop its own crypto similar to Bitcoin.
Recently, the US Department of the Treasury sanctioned Lazarus along with two other North Korean state-sponsored malicious cyber groups. The groups are accused of a long list of financial crimes that include $571M in crypto theft alone, which shows that North Korea is succeeding in cybercrime and why it is unlikely to stop soon.