Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security...
Everything related to the (in)security of Apple products
Curated by Gust MEES
Scooped by Gust MEES

Mac users targeted by Lazarus ‘fileless’ Trojan | #Apple #CyberSecurity

The Lazarus hacking group has been caught trying to sneak a new ‘fileless’ Trojan on to Apple macOS computers disguised as a fake cryptocurrency trading application.

The discovery was reported by K7 Computing’s Dinesh Devadoss to Mac security expert Patrick Wardle, who immediately spotted similarities to previous attacks.

The first of these, from 2018, was the ‘Apple.Jeus’ malware, which also used a cryptocurrency trading application to lure high-value targets in order to steal cryptocoins.

In October 2019, the hackers returned with a new backdoor Trojan that spreads using the same approach – a cryptocurrency application posted to GitHub for victims to download.

To make the applications appear trustworthy, both campaigns used the ruse of setting up fake software companies using legitimate certificates.

Both were connected to the suspected North Korean Lazarus Group, widely blamed for big attacks such as WannaCry in 2017 and Sony Pictures in 2014.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/topic/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=Lazarus+group

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

Scooped by Gust MEES

Lazarus group goes back to the Apple orchard with new macOS trojan | #CyberSecurity 

The Lazarus group, which has been named as one of North Korea's state-sponsored hacking teams, has been found to be using new tactics to infect macOS machines.

Dinesh_Devadoss, a threat analyst with anti-malware merchant K7 Computing, took credit for the discovery and reporting of what is believed to be the Lazarus group's first piece of in-memory malware on the Apple operating system.

In-memory infections, also known as fileless malware, operate entirely within the host machine's volatile RAM. This allows the software nasty to avoid setting off any antivirus systems that monitor files in storage or otherwise don't regularly scan all of system memory for threats.

The malware sample found by Dinesh_Devadoss was dissected this week by Mac security guru Patrick Wardle, who says that the attack is a new spin on the classic Lazarus group tactic for slipping its malware onto the machines of unsuspecting users: no files are installed during the second stage of the attack, where the actual malicious activity occurs.
