A new report from Sentinel Labs has uncovered a new North Korean hacking attempt on cryptocurrency and related businesses. With the industry rising to nearly $1.5 trillion in value, it’s becoming an ever larger target for hackers worldwide.
The latest scam follows from previous attacks from North Korea, except this time it involves taking advantage of vulnerabilities in Apple’s macOS.
While the Mac operating system is fairly secure for the most part, the hackers have worked their way around the locked-down OS through technical loopholes.
A major method of getting onto people’s machines is by downloading falsified signed software.
Apple requires that all Mac software is verified under the Apple Developer ID. “Avantis Regtech Private Limited (2S8XHJ7948)” was the one being used, which the Cupertino company has since shut down.
This tactic is similar to last year’s ‘RustBucket’, a multi-staged attack that utilizes the fake piece of software method. Once clicked, it downloads and runs various scripts to begin the multifaceted hack, including displaying a false PDF to the user.
DPRK-based hackers are now using similar methods. The latest hack includes sending a PDF of a paper about hidden risks in Bitcoin.
This is based on a genuine paper, but the website will also begin the domino-like effect of serving the unsuspecting user an application under the same name.
The software then opens a downloaded PDF while it gets to work. Payloads with a script to alter macOS security about incoming and outgoing connections are then deployed, as well as manipulating the terminal environment itself.
This is usually hidden from the users’ view, but once altered it can allow the hackers to avoid Apple’s detection software.
Researchers monitoring these types of attacks have said that it has been active for at least the last year. This has included spam calls to those targeted in India.
With consistent hacks stemming from North Korea, it’s best to stay vigilant if you’re within the cryptocurrency space and don’t click any old links you see in your email.
Featured image: Pexels (MEHRAX), Wikimedia Commons