A new malware campaign being carried out by Lazarus Group has been uncovered. Not surprisingly this one is currently targeting crypto-currency, which North Korea has been targeting heavily for some time. The Malware was cleverly disguised and well hidden from notice. Two downloads were available as crypto-currency trading software, one version for Windows and one for Mac. The windows version used a version of the Fallchill malware, a Remote Access Trojan that has been utilized by Lazarus Group since 2016. The Mac version deploys a Mac malware strain. The software has a valid security certificate which allows it to bypass security scans. Oddly though no one has been able to prove that the company that issued the certificate ever existed at the address which is listed on the certificate. The initial software download does not contain the malware but instead is contained in an update which is downloaded at a later date. Few details of the malware are available at this time, though it was confirmed that an employee at a currently undisclosed crypto-currency exchange.
