February 20, 2024

North Korean hacker group launches fake cryptocurrency trading site

Computer security specialist Dinesh Devadoss reported the discovery of a computer virus developed by the Lazarus group for the macOS operating system.

The virus was discovered on a fake cryptocurrency trading site with the address "unioncrypto.vip", which is promoted as a "platform for arbitrage trading of cryptocurrencies." The virus is meant to start automatically from a remote server when a user visits the site, and at the moment it is detected by only a small number of antivirus products.

It is reported that the malicious package does not have a signing certificate, so macOS warns the user about a possible danger when it is started. Although the remote server is already running, the virus launch function is not yet active. The threat may have been discovered before it was put into operation, but it is clear that cryptocurrency owners were the hackers' intended target.

Another cybersecurity specialist, Patrick Wardle, said the virus has “explicit intersections” with another malware program also launched by Lazarus.

Previously, a classified UN report stated that North Korea is funding its weapons development with digital and fiat currencies stolen from banks and cryptocurrency exchanges. Last fall, Group-IB claimed that a North Korean group of hackers stole $571 million in cryptocurrencies.