2019-12-05

Malware From North Korea

Security researchers have discovered new cryptocurrency malware, which is considered to be the work of the North Korean Lazarus Group hackers.

 

According to a Bleeping Computer report published on 4 December, malware researcher Dinesh Devadoss encountered the malware on a website called unioncrypto.vip, which advertised an 'intelligent trading platform for cryptocurrency arbitrage'. The website contained no download links, but hosted a malware package called "UnionCryptoTrader".

 

According to researchers, the malware can download a payload from a remote location and run it in memory, a technique that is not typical of macOS malware and is more common on Windows. This capability makes the malware difficult to detect and complicates forensic analysis. On VirusTotal, an online service for analyzing and detecting viruses and malware, only 10 antivirus engines flagged it as malicious in real time.

 

After analysing the newly detected malware, security researcher Patrick Wardle described a "clear overlap" with malware found by MalwareHunterTeam in mid-October, which allegedly led to the Lazarus group. Meanwhile, researchers discovered that Lazarus had developed further malware for Apple Macs that masquerades as a fake cryptocurrency company.