North Korean Malware Evades Apple Notarization to Target macOS Users

Paxful
Illustration of macOS security breach by North Korean malware
Coinbase

North Korean Malware Slides Past Apple’s Security – Again

A newly found malware written by North Korean hackers managed to slip past the notarization process of Apple. This is a security protocol preventing unverified applications from running on macOS. According to researchers in Jamf Threat Labs, malware has become the first of its kind aimed at bypassing Apple’s strict checks. Still, at this moment, the current systems manage to be unbeatable. This malware is more of an experimental approach, and could mean that North Korea will make attempts to use macOS vulnerabilities in wider attacks in the future.

Weaponizing Apple’s Notarization Process

According to reports, the malware-posing as cryptocurrency-related applications-managed to bypass Apple’s notarization security screening process, at least for a time. The apps were created via Google’s Flutter-a free open-source framework used to create multi-platform applications-and included malicious code which wasn’t spotted by Microsoft’s VirusTotal service. Jamf Threat Labs uncovered six variants of these apps, which, for the most part, carried genuine developer account signatures, making them look legitimate and pass some security checks. “The tactics, techniques and procedures in this malware have a strong similarity to those seen in other cyber operations carried out by North Korea,” researchers said, adding that the sophistication is high-level in these kinds of attacks.

Cryptocurrency a Likely Target

Names like “New Updates in Crypto Exchange” and “New Era for Stablecoins” for the malicious applications suggest that cryptocurrency and DeFi platforms may be the prime target. Once run, one of these apps loads a modified Minesweeper game. But all of this might suggest that the malware is at its testing stage, as it appears to be a test run, not yet a fully-fledged cyber-weapon.

A Pattern of Cyber Attacks

North Korean cyber operations have long been characterized by ingenuity and a focus on the exploitation of high-value targets. This October, for instance, North Korean hackers exploited a Chrome vulnerability to steal cryptocurrency wallet credentials. This organized cyber network is estimated to have generated over $3 billion from cyber-attacks over the last six years according to UN estimates, underlining reliance upon cyber operations by North Korea as a source of funding.

The revelation of this new malware simply indicates that people should be more cautious and that security should be tightened, particularly as the cyber-capabilities of North Korea evolve. For Apple and its users, the incident was a reminder of burgeoning threats even to highly secure systems in today’s digital landscape.

coinbase
Changelly