
In mid-2018, the APT targeted cryptocurrency exchanges and cryptocurrency companies; experts from Kaspersky Lab tracked a campaign, dubbed Operation AppleJeus, aimed at spreading a tainted cryptocurrency trading application.

“While investigating a cryptocurrency exchange attacked by Lazarus, we made an unexpected discovery. The victim had been infected with the help of a trojanized cryptocurrency trading application, which had been recommended to the company over email,” states the report published in 2018 by Kaspersky. “It turned out that an unsuspecting employee of the company had willingly downloaded a third-party application from a legitimate looking website and their computer had been infected with malware known as Fallchill, an old tool that Lazarus has recently switched back to.”

After releasing Operation AppleJeus, the Lazarus group carried out other attacks against cryptocurrency businesses using similar tactics. The researchers spotted more macOS malware similar to the one that was involved in Operation AppleJeus. The macOS installers used by the state-sponsored hackers were based on public source code: the authors used QtBitcoinTrader, developed by Centrabit. The three macOS installers analyzed by Kaspersky use a similar post-installer script and pass the same command-line argument when executing the fetched second-stage payload.

However, the researchers noticed a different type of macOS malware, MarkMakingBot.dmg (be37637d8f6c1fbe7f3ffc702afdfe1d), that was created on.
