The infamous cybercrime group Lazarus has resurfaced with its new malicious operation, AppleJeus, as discovered by Kaspersky Lab’s Global Research and Analysis Team (GReAT).
This notorious group, known for its sophisticated operations and alleged links to North Korea, is noted for cyberespionage, cybersabotage, and financially motivated attacks. The primary goal of the group’s attack was to steal cryptocurrency from their victims. In addition to Windows-based malware, researchers identified a previously unknown version targeting the macOS platform.
Various researchers, including those at Kaspersky Lab, have previously reported on this group’s targeting of banks and other large financial enterprises. Vitaly Kamluk, Head of GReAT APAC team at Kaspersky Lab, remarked, “For macOS users this case is a wake-up call, especially if they use their Macs to perform operations with cryptocurrencies. The fact that they developed malware to infect macOS users in addition to Windows users and – most likely – even created an entirely fake software company and software product in order to deliver this malware undetected by security solutions, means that they see potentially big profits in the whole operation, and we should definitely expect more such cases in the near future.”
According to the investigation, the penetration of the stock exchange’s infrastructure began when an unsuspecting company employee downloaded a third-party application from the legitimate-looking website of a company that develops software for cryptocurrency trading. The attackers used this trojanized cryptocurrency trading software to penetrate the network of a cryptocurrency exchange in Asia. The malicious software gave the attackers almost unlimited access to the compromised computer, enabling them to steal valuable financial information or deploy additional tools for further exploitation.
Last year, the Lazarus group was reported to have stolen US$60 million from the Far Eastern International Bank of Taiwan, marking just one of its many high-profile attacks.
The resurgence of the Lazarus group with the AppleJeus attack underscores the evolving threat landscape in cybersecurity, particularly for those involved in cryptocurrency trading. Vigilance and robust security measures are essential to counteracting such sophisticated cyber threats in the future.