Although cryptocurrency has been around for several years, macOS managed to remain largely unscathed… until now. Kaspersky Lab researchers recently uncovered AppleJeus, a new malware that targets Apple’s computer operating system.
Table of Contents
Celas cryptocurrency network spreads AppleJeus malware
During a recent investigation into Celas cryptocurrency network, Kaspersky researchers came across a trojanized trading application.
Kaspersky researchers believe that North Korean-linked Lazarus group is behind the malware. The group attacked the company’s infrastructure when an unsuspecting employee downloaded a legitimate third-party application infected with the Fallchill malware.
Up until now, the group exclusively targeted Windows users but has now moved onto Apple’s macOS platform as well. According to the company’s website, a Linux version is also in the offing.
As of now, researchers are not entirely sure if the company has been penetrated by hackers or if it’s a front for spreading malware.
However, the hackers hosting their command and control server with the same hosting company as Celas suggests tentatively that the latter might be the case.
How AppleJeus works
AppleJeus camouflages itself as a cross-platform cryptocurrency trading tool called Celas Trade Pro. The tool behaves just like any other software and, therefore, easily flies past the user’s radar.
Here’s how the malicious app works.
- User installs the Celas Trade Pro on macOS.
- Installer runs the Updater module.
- Updater collects the target system’s information and relays it to a server.
- Once the user launches the tool, it creates a unique string for the target system and collects its process lists.
- Collected data is sent back to a server using a webserver this URL – www.celasllc.com/checkupdate.php.
How to keep your Mac safe
Now that the cat is out of the bag, who knows how many such malicious apps are out there in the wild. Even if you trade cryptocurrency using Celas Trade Pro, it’s important to know how to keep your Mac secure.
According to Kaspersky Lab, you should not automatically install applications on your computer, even if they come from reputed developers.
A robust antivirus software, two-factor authentication, and hardware wallets for cryptocurrency are a must.
And if possible, you should use standalone computers that you do not use for browsing and other online activities.
(Source – Kaspersky)
