North Korean Hackers Launch Malware Targeting macOS

In a groundbreaking discovery, researchers at Jamf Threat Labs have identified a new strain of malware that North Korean hackers are believed to have developed specifically to target Apple’s macOS. This discovery marks the first instance of hackers using such technology to compromise the macOS operating system, underscoring a significant shift in cyber threat tactics.

Researchers detected the malware in applications written in Go and Python, which use Google’s Flutter app development kit. Known for enabling multi-platform application creation, Flutter may have provided attackers with the tools needed to develop this malware.

Interestingly, developers signed five out of the six identified malicious apps with account signatures that had temporarily passed Apple’s notarisation process, revealing a sophisticated grasp of Apple’s security protocols. Researchers from Jamf observed, “The domains and techniques in the malware closely align with those in other DPRK [Democratic People’s Republic of Korea — North Korea] malware and show that, at one point, the malware was signed and had even temporarily passed Apple’s notarisation process.”

This discovery aligns with previous actions by North Korean hackers, who consistently target the cryptocurrency industry. In October, they exploited a vulnerability in Chrome to steal crypto wallet credentials and contributed to developing the Cosmos network’s Liquid Staking Module.

North Korean cyber units, such as the infamous Lazarus Group, operate with high organisation and have successfully siphoned off vast amounts of cryptocurrency, amassing approximately $3 billion over the past six years. Their activities pose significant security risks to digital assets and threaten both national and global cybersecurity landscapes.