Lazarus group goes back to the Apple orchard with new macOS trojan The Lazarus group, which has been named as one of North Korea's state-sponsored hacking teams, has been found to be using new tactics to infect macOS machines. Dinesh_Devadoss, a threat analyst with anti-malware merchant K7 Computing, took credit for the discovery and reporting of what is believed to be the Lazarus group's …
The article does not mention that the malware sample was found on VirusTotal. That means that somebody has scanned it, which has to mean that those Norks leaked it out.
However, the article states that the control server is not handing out the payload, which prevents the malware from doing anything at this point in time.
So that begs the question : has this malware actually been installed and then the Norks shut down the service because they were only interested in one target ? Or are they still in the ramping up stage and want everything to be perfect for when they do unleash the malware ?
Which still does not explain the sample on VirusTotal.
By default, new Macs don't allow you to install unsigned software packages. To fall victim to this malware, you would need to:
(a) download a package from a third party website
(b) disable the unsigned software protection in System Preferences
(c) ignore the warning that "By opening this app, you will be overriding system security which can expose your computer and personal information to malware"
(d) grant it root access.
Perhaps Apple users are lulled into a false sense of security, so they ignore all these warnings.
Coming next: North Korean evil-doers sell car phone chargers which only work if you follow the instructions to disable the car's ABS.
"Perhaps Apple users are lulled into a false sense of security, so they ignore all these warnings."
Or perhaps they quite rightly hold the view that it's their PC and they'll install whatever software they damn well want without asking mother for approval first. That used to be how all PCs worked, whether they had Apple, MS, Linux, or any other OS running. It's bad enough that people so often roll over and allow their phones to be locked away in a walled garden, but doing it for desktop PCs as well is just nuts.
The problem here is not that people might have jumped through the multiple hoops required just to have some control over their own property, it's that having done so, they were stupid enough to install something making claims about pretend money. If you choose to install obvious malware, it's entirely your own fault when it turns out to be malware.
If you choose to install obvious malware, it's entirely your own fault when it turns out to be malware.
So the people who created the malware and got the gullible unwashed masses to install said malware are not to blame for their actions? How does that work? Blame the victim much?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
