
Macs Attacked by North Korean Hackers: What to Know

Think Macs can't get infected? Think again.

Credit: Aleksandar Malivuk


The North Korean state-sponsored hackers called the Lazarus Group have deployed their first Mac malware ever, Russian cybersecurity company Kaspersky Lab reports. The malware, part of a campaign that Kaspersky labeled "Operation AppleJeus," was used to successfully hack into an Asian cryptocurrency exchange platform, presumably to steal digital currency.

"The company was breached successfully, but we are not aware of any financial loss," Vitaly Kamluk, director of the Asia-Pacific division of Kaspersky's Global Research and Analysis Team, told BleepingComputer.


The attackers hid their malware behind a fake website that posed as a legitimate cryptocurrency trading-software developer. The site offered trading apps for both Mac and Windows, each one trojanized to infect its respective system. Strictly speaking this is a trojanized-software lure rather than a classic "watering hole" attack (which compromises a site the targets already visit), but the effect is the same: instead of pushing malware at victims, it draws potential victims to the malware.

An employee of the trading platform downloaded the Windows version, which delivered a remote access trojan (RAT), malware that gives the attackers remote administrative control of the victim's computer.

While there has historically been far more malware written for Windows, Mac users have faced a rising tide of malware in recent years, although adware and potentially unwanted programs (PUPs) remain more prevalent on Macs than true malware.

If you're a Mac user, don't fall for schemes like this. Much Mac malware tricks the user into installing it, despite Apple's best efforts, so be very careful about installing free online tools or pirated software, and treat a valid-looking code signature as proof only that someone with an Apple developer account signed the app, not that the app is what it claims to be. It's also important to run Mac antivirus software, but beware of "scareware" pop-up ads that claim your Mac needs to be cleaned. We're big fans of Kaspersky's Internet Security for Mac.
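As an added example (not from the article or from Kaspersky's report), here is a small POSIX shell script showing the check the advice above implies but does not spell out: pin the vendor's Apple Team ID, obtained out of band from the vendor, rather than accepting any valid Developer ID signature. On a real Mac you would feed it the output of `codesign -dvv --verbose=4 App.app 2>&1`; here that output is constructed inline so the script runs anywhere. The Team IDs `ABCDE12345` and `ZZZZZ99999`, the bundle path `/Applications/TradeApp.app` and the identifier `com.example.tradeapp` are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: pin a macOS app's signing Team ID instead of trusting
# "it is signed". All identifiers below are hypothetical placeholders.

# Team IDs you trust, whitespace-separated. Get the vendor's real Team ID
# from a channel other than the download page (their docs, support, etc.).
TRUSTED_TEAM_IDS="ABCDE12345"

# Constructed codesign -dvv output for four cases (not captured from a real app).
# 1. Signed with a valid Developer ID, but by the wrong team: the shape of
#    a trojanized look-alike app.
SUSPECT_CODESIGN='Executable=/Applications/TradeApp.app/Contents/MacOS/TradeApp
Identifier=com.example.tradeapp
Format=app bundle with Mach-O thin (x86_64)
Authority=Developer ID Application: Some Other Company (ZZZZZ99999)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ZZZZZ99999'

# 2. Signed by the Team ID the vendor actually publishes.
GOOD_CODESIGN='Executable=/Applications/TradeApp.app/Contents/MacOS/TradeApp
Identifier=com.example.tradeapp
Authority=Developer ID Application: Example Vendor (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345'

# 3. Ad-hoc signed: codesign reports no team at all.
ADHOC_CODESIGN='Executable=/Applications/TradeApp.app/Contents/MacOS/TradeApp
Identifier=com.example.tradeapp
Signature=adhoc
TeamIdentifier=not set'

# 4. Not signed: codesign prints only an error line.
UNSIGNED_CODESIGN='/Applications/TradeApp.app: code object is not signed at all'

# team_id_of CODESIGN_OUTPUT
# Prints the TeamIdentifier value, "not set" for ad-hoc, nothing if unsigned.
team_id_of() {
  printf '%s\n' "$1" | sed -n 's/^TeamIdentifier=//p' | head -n 1
}

# assess_app CODESIGN_OUTPUT
# Exit status: 0 = signed by a pinned Team ID, 1 = signed by another team,
# 2 = unsigned or ad-hoc signed.
assess_app() {
  tid=$(team_id_of "$1")
  if [ -z "$tid" ] || [ "$tid" = "not set" ]; then
    return 2
  fi
  for trusted in $TRUSTED_TEAM_IDS; do
    [ "$tid" = "$trusted" ] && return 0
  done
  return 1
}

# verdict CODESIGN_OUTPUT
# Human-readable result; safe under set -e because the status is captured.
verdict() {
  rc=0
  assess_app "$1" || rc=$?
  case $rc in
    0) echo "TRUSTED: signed by pinned Team ID $(team_id_of "$1")" ;;
    1) echo "REJECT: valid-looking signature but Team ID $(team_id_of "$1") is not the vendor's" ;;
    2) echo "REJECT: unsigned or ad-hoc signed" ;;
  esac
}

# On a real Mac you would run, for a freshly downloaded app:
#   verdict "$(codesign -dvv --verbose=4 /Applications/TradeApp.app 2>&1)"
# and only then let Gatekeeper's own policy check (spctl --assess) have a say.
verdict "$SUSPECT_CODESIGN"
verdict "$GOOD_CODESIGN"
verdict "$ADHOC_CODESIGN"
verdict "$UNSIGNED_CODESIGN"
```

The point of the check is the SUSPECT case: Gatekeeper is satisfied by any Developer ID certificate Apple has not revoked, so a trojanized app signed with a legitimately obtained certificate sails through the dialogs described in the comment below. Pinning the Team ID is what turns "signed" into "signed by the company I meant to download from".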

  • velocityg4
    So, it requires people to download it. Run an installer.

    What I'd like to know is what other user interaction is required for infection on recent macOS versions. Typically you need to enter administrative credentials, even when logged in as an administrator, to install any software, and if the software vendor isn't an approved third party, you also have to go into System Preferences and manually allow it.

    I know they had managed a false certificate, but I don't think Apple uses the same lists as anti-virus providers, as many programs downloaded online that aren't from a major company will not run without all this user interaction.

    Even once it is installed, when you run the program for the first time you'll get another warning.

    If some user goes past all these barriers to allow the malware to run, what else can Apple do? I wouldn't consider this a flaw in the OS. Now, if it is able to install and skip all those checks, that is another matter.

    I just hope Apple doesn't decide to lock Macs down to the App Store completely as they do with iOS. It seems like they are headed that way, with their ever-increasing crackdown on downloaded apps.