Cryptocurrency-stealing Trojan raises new concerns on the Mac malware front
Mac users have another potential worry on the security front, with the news that Lazarus, a notorious bunch of hackers from North Korea, has adapted its cryptocurrency-stealing malware to target macOS.

As spotted by Computerworld, security firm Kaspersky’s researchers uncovered the campaign, which goes under the name of ‘AppleJeus’, and the malware – called Fallchill – was initially spotted after it had successfully compromised an Asian cryptocurrency exchange.

Kaspersky notes that the victim was infected by a Trojanized cryptocurrency trading app, downloaded from a legitimate-looking website and developer. That developer has either been hacked by Lazarus, or is a convincing front operation set up entirely by the malware-peddling group.

As mentioned, the security company then made the discovery that the Fallchill Trojan has been adapted to also infect macOS machines, and not just Windows PCs as was previously the case. According to Kaspersky, a version targeting Linux users is also in the pipeline, meaning the hackers are looking to spread their cryptocurrency-thieving net much wider.

Stealth first

When the cryptocurrency trading app is first installed, nothing appears amiss on the surface. In the background, however, it stealthily profiles the system to decide whether the machine is worth compromising. If it decides that it is, a software update is triggered, and that update downloads the actual malicious payload.

Kaspersky observes that of late Lazarus has been getting more aggressive, and that it’s obviously a significant milestone that macOS is now being targeted.

The security firm notes: “There is steadily growing interest in macOS from ordinary users, especially in IT companies. Many developers and engineers are switching to using macOS. Apparently, in the chase after advanced users, software developers from supply chains and some high profile targets, threat actors are forced to have macOS malware tools.

“We believe that in the future Lazarus is going to support all platforms that software developers are using as a base platform, because compromising developers opens many doors at once.”

Obviously we all need to be careful about where we download our software from, and exercise a degree of caution even when the source appears, on the face of it, to be a legitimate company.

And Mac users need to get into the mindset of being more vigilant. It may be a tired old line that more malware is targeting macOS, but it is clearly true – and it is of particular concern when the potential loss is a financial one.

Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).