Lazarus Group, a North Korean Advanced Persistent Threat (APT) has returned with yet another implant targeting crypto-currency exchange customers on Apple computers. This implant, which is currently unnamed, poses as a fake crypto-currency trading platform (unioncrypto[.]vip). Lazarus Group tricks its victims into downloading and installing this macOS backdoor, which seems to serve as a stage 1 downloader for their more nefarious stage 2 payloads. This malware has the ability to perform in-memory execution of binaries downloaded from their fake crypto website. This allows for the so-called “fileless” execution of malicious payloads, making the backdoor more difficult for anti-virus products to detect.
With all the news around COVID-19/Coronavirus, the average person is turning to the internet for