January 28, 2023

North Korean hacker group launches fake cryptocurrency trading site

Computer security specialist Dinesh Devadoss has announced the detection of a computer virus developed by the Lazarus group for the macOS operating system.

The virus was discovered on a fake cryptocurrency trading site with the address "unioncrypto.vip", which is promoted as a "platform for arbitrage trading of cryptocurrencies." The virus is meant to be launched automatically from a remote server when a user visits the site, and at the moment it is detected by only a small number of antivirus products.

It is reported that the malicious package does not have a signing certificate, so macOS warns the user about a possible danger when it is launched. Although the remote server is already running, the virus launch function is not yet active. Perhaps the threat was discovered even before it was put into operation, but it is obvious that cryptocurrency owners were the hackers' intended target.

Another cybersecurity specialist, Patrick Wardle, said the virus has “explicit intersections” with another malware program also launched by Lazarus.

Earlier, a closed UN report stated that North Korea finances arms development with digital and fiat currencies stolen from banks and cryptocurrency exchanges. Last fall, Group-IB announced that a North Korean hacker group had stolen $571 million in cryptocurrencies.