Lazarus Group, a North Korean Advanced Persistent Threat (APT), has returned with yet another implant targeting cryptocurrency exchange customers on Apple computers. This implant, which is currently unnamed, poses as a fake cryptocurrency trading platform (unioncrypto[.]vip). Lazarus Group tricks its victims into downloading and installing this macOS backdoor, which appears to serve as a stage 1 downloader for their more nefarious stage 2 payloads. The malware can execute binaries downloaded from the fake crypto website directly in memory, without first writing them to disk. This so-called "fileless" execution of malicious payloads makes the backdoor more difficult for anti-virus products to detect.
How does Binary Defense help protect your organization? With best-in-breed cybersecurity tactics, techniques, and services, we make sure that your environment is secure against the most advanced attacks.