AppleJeus: new trojan tries to steal cryptocurrencies from macOS users

Although macOS users often boast that there is little malware for the operating system, cybercriminals increasingly target Apple’s desktop operating system. A group of hackers has now even ported its Windows cryptocurrency-stealing malware to macOS, security company Kaspersky Lab warns.

The infamous Lazarus group, which is linked to North Korea, tried to steal cryptocurrencies in a campaign called “AppleJeus”. It was the first time the group targeted Mac users.

During the AppleJeus attack, an Asian crypto exchange was targeted. The attack started when an exchange employee received an email and downloaded a third-party application from the website of a legitimate-looking company that reportedly developed cryptocurrency exchange software. In reality, it was a fake company that distributed fake software. The software nevertheless appeared very legitimate, because it had a digital certificate signed by the fake company.

When the legitimate-looking software was downloaded and started, it appeared to install the application. In reality, it gathered information about the computer and sent the data to a command and control server. Once the computer was determined to be an interesting target, a Trojan was installed that gave the Lazarus group nearly full control over the victim’s computer, which they used to steal cryptocurrencies.

“The fact that they developed malware to infect macOS users in addition to Windows users and – most likely – even created an entirely fake software company and software product in order to be able to deliver this malware undetected by security solutions, means that they see potentially big profits in the whole operation, and we should definitely expect more such cases in the near future,” according to Vitaly Kamluk, Head of GReAT APAC, Kaspersky Lab.

“For macOS users this case is a wake-up call, especially if they use their Macs to perform operations with cryptocurrencies,” he added.