North Korean hackers have for years been using different tactics to run cyber-enabled financial heists, most recently using front companies to compromise cryptocurrency-related businesses. And although some of the fake companies and websites rarely pass the smell test - the links on these weaponized websites don’t always work - hackers known as Lazarus Group or APT38 have been getting increasingly careful in other areas, according to new Kaspersky Lab research. Namely, the hacking outfit has been tweaking some of its malware, delivery mechanisms, and payloads in an attempt to decrease their chances of getting caught, according to Kaspersky.

In the last two years, multiple researchers have revealed some of Lazarus Group’s latest antics relying on front companies. The hackers have been using a fake company, “JMT Trading,” to install backdoors to funnel funds to Pyongyang, multiple researchers revealed in 2019, for example. They have also used a fake website and company called “UnionCryptoTrader.” The year prior, Kaspersky uncovered that these hackers were using another fake company, “Celas Trade Pro,” to target cryptocurrency exchanges.

North Korean hacking campaigns have traditionally been focused on avoiding detection and tricking victims into unwittingly helping fill the DPRK’s coffers, which have been hampered in recent years as a result of economic sanctions. But some of the campaigns Kaspersky details reveal that beyond just changing its tactics to evade detection, Lazarus Group has also been more selective in choosing victims. In a campaign targeting Windows users, for instance, attackers have included a final payload that is designed to run only on certain systems that appear to be predesignated, according to Kaspersky.

“Upon launch, the malware retrieves the victim’s basic system information … If the response code from the C2 server is 200, the malware decrypts the payload and loads it in memory,” Kaspersky researchers write. “The final payload … was designed to run only on certain systems.” “It seems the actor wants to execute the final payload very carefully, and wants to evade detection by behavior-based detection solutions,” the researchers write. The apparent increased specificity in targeting could indicate Lazarus Group is using previously gleaned intelligence, possibly from other hacking campaigns, to maximize its current fundraising efforts.

macOS malware used run-only AppleScripts to avoid detection for five years

A cryptocurrency mining campaign targeting macOS is using malware that has evolved into a complex variant giving researchers a lot of trouble analyzing it. Yesterday, Stokes published the full chain of this attack, along with indicators of compromise (IOCs) of past and newer OSAMiner campaigns.

The trojan uses Alternate Data Stream (ADS) as a technique to run follow-up malware. The use of ADS, in particular, represents a serious ongoing threat, as it can easily hide follow-up malware. The configuration scripts used during the infection process are obfuscated in an attempt to evade detection.