Cybersecurity analysts at Jamf Threat Labs have discovered North Korean malware that targets macOS users by bypassing Apple’s security systems. According to the researchers, this is the first example of a North Korean cyberattack using these advanced techniques in an attempt to compromise the macOS operating system. They said it is unclear whether the malware was aimed at specific users, and that it still appears to be in a testing phase, so a larger attack could follow.
How malware bypassed notarization
The newly discovered malware briefly obtained notarization approval from Apple and carried legitimate developer signatures, so it presented itself as trusted software. Microsoft’s VirusTotal scanning platform identified the app as clean, suggesting it used sophisticated evasion techniques to avoid detection. The malicious app was built with the Go and Python programming languages and with Google’s Flutter developer kit as a multi-platform framework. Notarization is the security measure meant to keep unauthorized apps from running on macOS, so the brief bypass allowed the malware to run on the system without being blocked.
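A notarization ticket that Apple later revokes is exactly the case a defender wants to catch on a fleet: an app that was "accepted" yesterday can be "rejected" today, and an app that Gatekeeper accepts on a plain Developer ID signature was never notarized at all. The triage helper below is an added example, not code from Jamf or from the article. It assumes the text produced by `spctl --assess --type execute --verbose=4 <bundle>` has a first line of the form `<path>: accepted|rejected` followed by `key=value` lines such as `source=` and `origin=`; the sample outputs, the Team IDs, and the bundle paths are constructed for illustration.

```python
"""Triage helper for macOS Gatekeeper assessments.

Added example, not code from Jamf or from the article. It assumes the input
is the text printed by `spctl --assess --type execute --verbose=4 <bundle>`,
whose shape is assumed to be:

    <bundle path>: accepted|rejected
    source=<why Gatekeeper decided that>
    origin=<signing certificate subject>     (present when signed)
"""
import re
import subprocess
from dataclasses import dataclass
from typing import List, Optional

# Sources a defender would normally accept as-is. A bare "Developer ID" means
# signed but not notarized; once Apple revokes a notarization ticket (the
# article's scenario) the verdict flips to "rejected" on the next assessment.
TRUSTED_SOURCES = {"Apple System", "Mac App Store", "Notarized Developer ID"}

_HEAD = re.compile(r"^(?P<path>.+?): (?P<verdict>accepted|rejected)\s*$")
_TEAM = re.compile(r"\(([A-Z0-9]{10})\)\s*$")   # trailing "(TEAMID)" in origin=


@dataclass
class Assessment:
    path: str
    verdict: str                 # "accepted" or "rejected"
    source: str
    origin: Optional[str]
    team_id: Optional[str]
    suspicious: bool
    reason: str


def parse_spctl(text: str) -> Assessment:
    """Parse one spctl assessment and decide whether it needs a human look."""
    lines = [ln.rstrip() for ln in text.strip().splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty spctl output")
    head = _HEAD.match(lines[0])
    if head is None:
        raise ValueError(f"unrecognised spctl header: {lines[0]!r}")
    fields = {}
    for ln in lines[1:]:
        key, sep, value = ln.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    source = fields.get("source", "unknown")
    origin = fields.get("origin")
    team_match = _TEAM.search(origin) if origin else None
    team = team_match.group(1) if team_match else None

    verdict = head["verdict"]
    if verdict == "rejected":
        suspicious, reason = True, f"Gatekeeper rejected it ({source})"
    elif source not in TRUSTED_SOURCES:
        suspicious, reason = True, f"accepted but source is '{source}', not notarized"
    else:
        suspicious, reason = False, "notarized or Apple-distributed"
    return Assessment(head["path"], verdict, source, origin, team, suspicious, reason)


def triage(outputs: List[str], allowed_teams: Optional[set] = None) -> List[Assessment]:
    """Return the assessments worth escalating, optionally enforcing a Team ID allowlist."""
    flagged = []
    for out in outputs:
        a = parse_spctl(out)
        if allowed_teams is not None and not a.suspicious and a.team_id not in allowed_teams:
            a.suspicious, a.reason = True, f"Team ID {a.team_id} not on allowlist"
        if a.suspicious:
            flagged.append(a)
    return flagged


def assess_bundle(path: str) -> Assessment:
    """Run spctl on a real bundle (macOS only) and parse the result."""
    proc = subprocess.run(
        ["spctl", "--assess", "--type", "execute", "--verbose=4", path],
        capture_output=True, text=True, check=False,
    )
    # spctl is expected to print the assessment on stderr; fall back to stdout.
    return parse_spctl(proc.stderr or proc.stdout)


# Constructed sample outputs (not captured from real systems): a notarized app,
# a signed-but-unnotarized app, an app whose ticket has been revoked, and an
# unsigned app.
SAMPLES = [
    "/Applications/Ledger.app: accepted\n"
    "source=Notarized Developer ID\n"
    "origin=Developer ID Application: Example Corp (ABCDE12345)\n",
    "/Applications/Crypto Exchange Updates.app: accepted\n"
    "source=Developer ID\n"
    "origin=Developer ID Application: Example Dev (ZZZZZ99999)\n",
    "/Applications/Stablecoin and DeFi News.app: rejected\n"
    "source=Developer ID\n"
    "origin=Developer ID Application: Example Dev (ZZZZZ99999)\n",
    "/Applications/Unknown.app: rejected\n"
    "source=no usable signature\n",
]

if __name__ == "__main__":
    for a in triage(SAMPLES, allowed_teams={"ABCDE12345"}):
        print(f"{a.path}: {a.verdict} ({a.source}) -> {a.reason}")
```

Run against the constructed samples it flags the three non-notarized bundles and leaves the notarized one alone; passing a Team ID allowlist additionally catches notarized apps from publishers you have not approved, which matters because a valid notarization only says Apple scanned the binary, not that you trust the developer.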
Cryptocurrency user targeting
App names such as “Crypto Exchange Updates” and “Stablecoin and DeFi News” suggest that the goal was to target individuals who use cryptocurrency. When one of the apps was launched, it opened a Minesweeper game as a decoy, potentially hiding its real functionality. The program relies on deceptive tactics and cryptocurrency-themed titles to lure users involved in digital finance or blockchain.
North Korea’s cyberattack pattern
This malware incident reflects a growing trend of sophisticated cyber activities by North Korea targeting cryptocurrency users. Recently, North Korean hackers exploited a vulnerability in the Google Chrome browser to steal cryptocurrency wallet details. Their actions appear to be well organized and very profitable. The United Nations estimates that North Korea’s cyber activities have generated about $3 billion in revenue over the past six years. These activities are known to help fund a variety of national goals, making cybersecurity for digital finance more important than ever.
A testing ground for new tactics
Although no direct attacks have been confirmed, Jamf researchers note that the malware could be a testing ground for more weaponized attacks in the future. Every successful attempt to circumvent a high-profile security framework like Apple’s increases the likelihood of more complex and damaging cyber incidents. Given the sophistication of North Korean hacking groups, this incident highlights the importance of vigilant cybersecurity, especially for individuals and organizations in the digital currency and financial technology sectors.