
This article was published on October 14, 2019


North Korea-linked hackers revive cryptocurrency scam to hijack macOS

It gives them administrator rights

Story by Matthew Beedham, Editor, SHIFT by TNW

Matthew is the editor of SHIFT. He likes electric cars, and other things with wheels, wings, or hulls.

Security researchers have reportedly uncovered another attack from a North Korea-linked hacking group. On closer inspection, however, it appears to be little more than a rehash of the group’s previous exploits.

According to research published yesterday, the Lazarus hacking group is now distributing fake cryptocurrency trading software created by an equally fake front company, Forbes reports.

It appears the hackers set up a front company called JMT Trading and wrote an accompanying open-source cryptocurrency trading app, the code for which was hosted on GitHub. However, that is where the originality ends.

The code for the JMT Trading software contains a malicious component which, according to Mac security expert Patrick Wardle, gives the hackers the “ability to remotely execute commands” on a victim’s device. That gives bad actors full control over the infected macOS system, letting attackers do anything they want, he added.

On closer inspection, JMT Trading is just a reapplication of Lazarus’ previous strategy of bundling nefarious code with legitimate-looking apps.

Last year, Lazarus set up a fake trading platform and company called Celas, which was detected by security researchers at Kaspersky Labs. Research posted to Securelist, Kaspersky’s media outlet, read:

While investigating a cryptocurrency exchange attacked by Lazarus, we made an unexpected discovery. The victim had been infected with the help of a trojanized cryptocurrency trading application, which had been recommended to the company over email.

You could say that Lazarus has zero creativity, seeing as it’s just recycling its old hacks, but on the other hand, that may be because its scams are working.

Research last year found the North Korea-linked hacking group was the most profitable hacking syndicate in the world.
