
North Korean Hackers Target Legit Crypto Apps with New Malware

I came across this article about a new malware developed by North Korean hackers and I have to say, it's pretty alarming. Apparently, these hackers have found a way to bypass Apple's security measures and are specifically targeting macOS users through cryptocurrency applications. The malware is said to be experimental, and the researchers at Jamf Threat Labs who discovered it noted that it doesn't affect up-to-date systems. But still, if you're using an older version of macOS, you might be at risk.

How They Do It

So here's the kicker: the malware was delivered via apps that were actually reported as clean by Microsoft's VirusTotal service. These apps were written in Go and Python and used Google Flutter, an open-source development kit for building multi-platform apps. The researchers noted that at one point the malware had even passed Apple's notarization process, at least temporarily.

The malicious apps had names like "New Updates in Crypto Exchange" and "CeFi and DeFi Risks in Stablecoins", which are pretty obvious red flags if you know what to look for. When one of these apps was run, it opened a modified Minesweeper game rather than showing any of the malicious activity it was built for—talk about a Trojan horse!

Who's Behind This?

If you didn't already know, North Korean hackers are no strangers to this kind of operation. They were recently caught exploiting a vulnerability in Chrome to steal crypto wallet credentials. Allegedly, they even had a hand in developing some components of the Cosmos network Liquid Staking Module.

According to reports, these organized groups are making hundreds of thousands of dollars each month from their cyber activities—and they've raked in around $3 billion over the past six years according to the United Nations.

Is Apple's Notarization Enough?

Apple's notarization process is supposed to enhance software security by scanning for known malware before allowing installation. But as we've seen with this incident, it's not foolproof. The process has some limitations; for instance, it can't catch zero-day threats or highly sophisticated malware that hasn't been cataloged yet.

The fact that these hackers could acquire or hijack valid Apple developer accounts shows just how compromised Apple's security can become when facing such organized adversaries.
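If you want to check for yourself whether an app on your Mac is validly signed and whether Apple's notarization service has seen that exact build, macOS ships the tools to do it. The script below is an added example written for this post, not something from the article or from Jamf; it assumes a Mac with the Xcode command line tools installed, and the `classify_spctl` helper and its verdict names are my own. Keep in mind the caveat the article itself makes: an app that was notarized at the time it was checked would have passed this test too, which is why the Gatekeeper assessment should be run online so that a later revocation by Apple shows up as "rejected".

```shell
#!/bin/sh
# Added example (not from the article): verify a macOS app bundle's code signature,
# Gatekeeper/notarization status, and stapled notarization ticket.
# Assumes macOS with Xcode command line tools (codesign, spctl, xcrun stapler).

# classify_spctl: reduce the multi-line output of `spctl -a -vv -t install <app>`
# to one short verdict. The "source=" lines are the ones Gatekeeper prints;
# the verdict names (notarized, signed-not-notarized, rejected, unknown) are my own.
classify_spctl() {
    case "$1" in
        *"source=Notarized Developer ID"*)   echo "notarized" ;;
        *"source=Unnotarized Developer ID"*) echo "signed-not-notarized" ;;
        *"rejected"*)                        echo "rejected" ;;
        *)                                   echo "unknown" ;;
    esac
}

# check_app: run the three checks against an .app bundle and print a one-line summary.
# Returns 0 only when the signature is intact AND Gatekeeper reports it as notarized.
check_app() {
    app="$1"
    if [ ! -d "$app" ]; then
        echo "not an app bundle: $app" >&2
        return 2
    fi

    # 1. Signature integrity: fails if any file inside the bundle was modified after signing.
    if ! codesign --verify --deep --strict "$app" 2>/dev/null; then
        echo "$app: SIGNATURE INVALID"
        return 1
    fi

    # 2. Gatekeeper assessment: asks Apple's service (when online) whether this build is
    #    notarized; a revoked notarization shows up here as "rejected".
    out=$(spctl -a -vv -t install "$app" 2>&1)
    verdict=$(classify_spctl "$out")

    # 3. Stapled ticket: present when the developer attached the notarization ticket,
    #    so the app can be assessed even without network access.
    if xcrun stapler validate "$app" >/dev/null 2>&1; then
        stapled=yes
    else
        stapled=no
    fi

    echo "$app: signature=valid gatekeeper=$verdict stapled_ticket=$stapled"
    [ "$verdict" = "notarized" ]
}

# Usage: sh check_app.sh /Applications/SomeApp.app
if [ $# -eq 1 ]; then
    check_app "$1"
fi
```

A result of `signed-not-notarized` means the developer certificate checked out but Apple never scanned that build; `rejected` means Gatekeeper would block it, for instance because the signature is missing, broken, or its notarization was revoked after the fact. Neither verdict proves an app is safe, only that it has (or has not) cleared Apple's automated checks, which is exactly the gap the article describes.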

Final Thoughts

This whole situation raises serious questions about the safety of legit cryptocurrency apps out there. North Korean state-sponsored groups seem to be getting better at exploiting weaknesses—both technical and human—and they're not just targeting individual users anymore; they're going after entire firms involved in cryptocurrency operations.

If you're into crypto like I am, make sure you're taking extra precautions: use well-known apps, enable multi-factor authentication, keep everything updated, and maybe reconsider your OS if you're not on the latest version!

