UPDATED 22:35 EDT / AUGUST 23 2018


North Korean hackers target cryptocurrency traders in ‘Operation AppleJeus’

Infamous North Korean hacking outfit Lazarus is targeting cryptocurrency traders with a new malware campaign dubbed “Operation AppleJeus.”

Uncovered by security researchers at Kaspersky Lab and publicized Thursday, the campaign was first detected during an investigation into a hack of an unnamed Asian cryptocurrency exchange. It involved Lazarus distributing trojanized software to the exchange's customers. The researchers said the software, a cryptocurrency trading application, had been recommended to the company over email.

The weaponized software was found to include a malware suite called “FallChill” that opens a series of backdoors. These bypass authentication and give Lazarus the ability to take control of the victim’s computer to steal data and cryptocurrency.

What’s interesting about the campaign is that it came not only in a version that targeted Windows but also in one for macOS, hence the name AppleJeus. “The fact that the Lazarus group has expanded its list of targeted operating systems should be a wake-up call for users of non-Windows platforms,” the researchers note.

They speculate that the move by Lazarus to target macOS, and potentially Linux systems in the future, reflects a recognition that non-Windows computers offer plentiful opportunities because their users tend to be far more complacent when it comes to security.

The other interesting aspect of the campaign is that the software suggested to the cryptocurrency exchange's users, called Cellas Pro, came signed with a legitimate code-signing certificate. That raises the question of whether the software itself came first and was later trojanized, or whether Lazarus designed it from the outset complete with trojan capability. Hackers creating fake software isn’t new, but it is somewhat rare, and the researchers have been unable to ascertain the order of events.

Lazarus was last in the news back in February when it launched a hacking campaign targeting banks and bitcoin users. That campaign, dubbed HaoBao, involved the North Korean hackers pretending to be from a Hong Kong-based recruitment firm. Email attachments that were clicked on installed malware that could also steal data and cryptocurrency account details.

Image: Kaspersky
