North Korean malware evades Apple notarization, targets macOS users

As a seasoned cybersecurity analyst with decades of experience under my belt, I have seen my fair share of sophisticated attacks. However, the recent revelation that North Korean hackers have managed to create malware that evaded Apple’s security checks is truly a new low.

It appears that North Korean cybercriminals have developed malware capable of bypassing Apple’s security measures. According to Jamf Threat Labs, the software seems to be experimental and is built specifically for Apple devices. This is the first time such a technique has been observed in use against Apple’s macOS, though the malware will not run on systems that have been recently updated.

Weaponizing a security weakness

Researchers from Jamf Threat Labs uncovered harmful applications that were labeled safe by Microsoft’s VirusTotal web scanner. These malicious apps, which were coded in both Go and Python programming languages and utilized the Google Flutter platform, managed to evade detection.

Flutter is an open-source developer kit that enables the creation of multi-platform apps.

Five of the six harmful applications were linked to legitimate developer accounts and, for a short period, were approved by Apple’s verification process, known as notarization. That is what the researchers concluded in their report.

“The domains and techniques in the malware align closely with those used in other DPRK [Democratic People’s Republic of Korea — North Korea] malware and show signs that, at one point in time, the malware was signed and had even temporarily passed Apple’s notarization process.”

In this specific scenario, I’m unable to definitively say whether the malware has been employed against any particular targets or if the actor is merely readying a novel method of distribution. However, given the circumstances, it appears that they might be conducting tests to enhance its destructive potential.

The malware used cryptocurrency-themed names such as “New Updates for Cryptocurrency Exchange,” “A New Era for Stablecoins and DeFi,” and “CeFi and Multisig Risks in Stablecoin and Crypto Assets.” These names suggest that the hackers intended to target the digital-currency sector. When “New Updates for Cryptocurrency Exchange” was launched, it simply opened a modified version of the Minesweeper game.

Organized hackers do it best

It’s widely recognized that North Korean cybercriminals are exceptionally clever, as they were recently found taking advantage of a weakness in Google Chrome to steal cryptocurrency wallet details in October. Additionally, accusations surfaced during the same month suggesting North Korea played a role in the development of the Liquid Staking Module within the Cosmos network.

It is claimed that these hackers operate with a high level of coordination and manage to pocket hundreds of thousands of dollars’ worth of cryptocurrency every month, accumulating an estimated total of around $3 billion over the past six years, as per the United Nations.

2024-11-12 21:05