Crypto currency Exchange Hack for First Mac Malware of Lazarus Group Deploys

Crypto currency

Crypto currency Exchange Hack for First Mac Malware of Lazarus Group Deploys

Crypto currency is a digital asset designed to work as a medium of exchange that uses strong cryptography to secure financial transactions, control the creation of additional units, and verify the transfer of assets. Crypto currency is a kind of digital currency, virtual currency or alternative currency. Crypto currency use decentralized control as opposed to centralized electronic money and central banking systems. The decentralized control of each crypto currency works through distributed ledger technology, typically a blockchain, that serves as a public financial transaction database.

Most cryptocurrencies are designed to gradually decrease production of that currency, placing a cap on the total amount of that currency that will ever be in circulation. Compared with ordinary currencies held by financial institutions or kept as cash on hand, crypto currency can be more difficult for seizure by law enforcement. This difficulty is derived from leveraging cryptographic technologies.

Lazarus Group, the North Korean hackers who hacked Sony Films a few years back, have deployed their first Mac malware ever, according to Russian antivirus vendor Kaspersky Lab.

In a report, Kaspersky researchers reveal that Lazarus Group penetrated the IT systems of an Asia-based crypto currency exchange platform.



Crypto currency



Exchange hacked after employee downloads trojanized app


The hack, which Kaspersky Lab analyzed under the codename of Operation AppleJeus, took place after one of the exchange’s employees downloaded an app from a legitimate-looking website that claimed to be from a company that develops crypto currency trading software.

But the app was a fake and infected with malware. On Windows, the app downloaded and infected users with Fallchill, a remote access trojan (RAT) known to be associated with the Lazarus Group since at least 2016, when it was deployed for the first time in live campaigns.

But unlike previous Lazarus operations, the hackers also deployed a Mac malware strain, something they have not done before. The malware was hidden inside the Mac version of the same crypto currency trading software.






The mystery of certificate of the malware


The trojanized crypto currency trading software was also signed by a valid digital certificate, allowing it to bypass security scans.

The big mystery surrounding this certificate is that it was issued by a company that Kaspersky experts said they weren’t able to prove it ever existed at the address in the certificate’s information.

“The fact that they developed malware to infect macOS users in addition to Windows users and – most likely – even created an entirely fake software company and software product in order to be able to deliver this malware undetected by security solutions, means that they see potentially big profits in the whole operation, and we should definitely expect more such cases in the near future,” Kamluk says.





Kaspersky didn’t name the hacked crypto currency exchange


Several cyber-security firms have pointed out many times this year that since the start of 2017, North Korean hackers have shown great interest in penetrating crypto currency exchanges and financial institutions, from where they steal funds that they later bring back into North Korea.

In the past year, several Asian cryptocurrency exchange platforms suffered security incidents, primarily exchange platforms located in South Korea. Hacks have been reported at Bithumb, Yapizon, YouBit, Coinrail, and Bithumb again.

This week, US cyber-security firm Trend Micro reported a supply-chain attack on South Korean organizations, but did not attribute the hack to North Korea, nor did it specify that the hack targeted a crypto currency exchange platform.







Highest Selling Technical Courses of Indian Cyber Security Solutions:

Certified Ethical Hacker Training in Bhubaneswar

Ethical Hacking Training in Bhubaneswar

Certified Ethical Hacker Training in Bangalore

Ethical Hacking Training in Bangalore

Certified Ethical Hacker Training in Hyderabad

Ethical Hacking Training in Hyderabad

Python Training in Bangalore

Python Training in Hyderabad

Python Training in Bhubaneswar

Microsoft Azure Training in Hyderabad

Microsoft Azure Training in Bangalore

Microsoft Azure Training in Bhubaneswar

Networking Training in Bangalore

Networking Training in Hyderabad

Networking Training in Bhubaneswar

Advance Python Training in Hyderabad

Advance Python Training in Bangalore

Advance Python Training in Bhubaneswar

Amazon Web Services Training in Hyderabad

Amazon Web Services Training in Bangalore

Amazon Web Services Training in Bhubaneswar

Certified Ethical Hacker Certification – C | EH v10

Computer Forensic Training in Kolkata

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Testing training

Ethical Hacking  training

Internet Of Things Training

Internet Of Things Training Hyderabad

Internet Of Things Training in Bhubaneswar

Internet Of Things Training in Bangalore

Embedded System Training

Digital Marketing Training

Machine Learning Training

Python Programming training

Android Training in Bangalore

Android Training in Hyderabad

Android Training in Bhubaneswar

Diploma in Network Security Training

Android Development  training

Secured Coding in Java

Certified Network Penetration Tester 

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 


Cybersecurity services that can protect your company:

Web Security | Web Penetration Testing

Network Penetration Testing – NPT

Android App Penetration Testing

Source Web Development

Source Code Review

Android App Development

Digital Marketing Consultancy

Data Recovery


Other Location for Online Courses: