A Korean group attacks an Exchange using a Trojan for MacOS

Photo by Kaur Kristjan on Unsplash

No, cybercriminals don't take a summer holiday, however hot it gets; they keep looking for new ways to do harm. This time we'll talk about another attack on a cryptocurrency exchange, but one completely different from those we've seen so far: this time the bad guys took their time to prepare the attack and all the associated infrastructure so that nobody would suspect their activity, and they even went as far as developing a Trojan for macOS. Let's take a look.

We have already mentioned a few times how attacks on cryptocurrency exchanges are becoming more sophisticated so as to be harder and harder to detect. This case, however, is completely different and more striking: no vulnerability of the exchange was exploited and no users were deceived, as in the MyEtherWallet case; this time it was the exchange's own technical staff who were fooled! What? Really? They're supposed to be qualified personnel with some security training…

In addition, the cybercriminals who carried out this attack belong to Lazarus, a group of really, really bad guys that has already been in the news a few times as those responsible for hacking Sony Pictures (remember the Sony hack that affected the PlayStation Network?), besides breaching the security of several banks; for example, $81 million was taken from the central bank of the People's Republic of Bangladesh.

On this occasion the Lazarus boys attacked the weakest link in the chain, which is always us humans. To that end they created a piece of malware and embedded it in a trading application, the kind used to buy and sell cryptocurrencies on different exchanges. Once the software was built with the malware inside, they sent an email to the exchange in question (they surely sent it to several) with a link to download the program for free. One of the employees of this exchange received the link and, at first glance, the application looked very attractive, not least because it saves you time by managing several exchanges at once (as we've said before, people don't usually trade on only one).

The thing is, the program, called Celas Trade Pro by Celas Limited, looked very good as we said, was hosted on a legitimate-looking site owned by Celas Limited and showed the green padlock, with a certificate issued by a trusted authority, so the connection to the site was secure… all fine, right? That's what the technician thought, but to be sure he still ran the downloaded application through his antivirus: all clean, no malware, so he finally decided to install it, encouraged by the email he had been sent, which said it was a free version but would soon become a paid one.

Yeah, so far they would have fooled any of us.

The thing is, as soon as the application was installed, the program connected to the Internet to download a more recent version… and that's where the malware was waiting to be installed. Instead of installing an update, the program downloaded a new version that included a Trojan (remember what a Trojan is? We've talked about them before), which gave the bad guys access to our friend's computer and, from there, to the exchange's entire network.
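The weak point in the chain above is the update step: the installer that the antivirus inspected was clean, and the dangerous code only arrived through the program's own update channel, which the client trusted blindly. The following is an added illustration (not code from the post, from Celas Limited or from the malware) of what a client-side update check looks like when it does not trust the download blindly: the client refuses any update whose bytes do not match an authenticated manifest, and also refuses replays of older releases. The vendor key, product name and payload bytes are all constructed for the demo, and HMAC stands in for the public-key signature a real updater would verify with a pinned vendor key, so the example runs with only the standard library.

```python
"""Update-integrity check: install only payloads that match an authenticated
manifest. Added example; the key, product name and payloads are constructed."""
import hashlib
import hmac
import json
from typing import Tuple

# Constructed demo key. A real updater would verify a public-key signature
# (e.g. Ed25519) against a vendor public key pinned in the client; HMAC with a
# shared key is a stand-in so this runs with the standard library only.
VENDOR_KEY = b"constructed-vendor-key-demo-only"

# Constructed stand-ins for the binaries a real updater would download.
GENUINE_UPDATE = b"trading app v1.1 (constructed genuine build)"
TROJANIZED_UPDATE = b"trading app v1.1 (constructed build with a backdoor)"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def canonical(manifest: dict) -> bytes:
    # Deterministic encoding so signer and verifier hash identical bytes.
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(manifest: dict, key: bytes) -> str:
    return hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()


def version_tuple(v: str) -> tuple:
    return tuple(int(p) for p in v.split("."))


def verify_update(manifest: dict, signature: str, payload: bytes,
                  installed_version: str,
                  key: bytes = VENDOR_KEY) -> Tuple[bool, str]:
    """Return (ok, reason). Checks run in order: authenticity of the manifest,
    then no downgrade/replay, then that the payload matches the manifest."""
    if not hmac.compare_digest(sign_manifest(manifest, key), signature):
        return False, "manifest signature invalid"
    if version_tuple(manifest["version"]) <= version_tuple(installed_version):
        return False, "downgrade or replay rejected"
    if not hmac.compare_digest(sha256_hex(payload), manifest["sha256"]):
        return False, "payload hash does not match manifest"
    return True, "update verified"


# Vendor side, at release time: publish the manifest and its signature
# alongside the binary. Only the signature covers the manifest, so a server
# compromise that swaps the binary cannot also fix up the expected hash.
GENUINE_MANIFEST = {
    "product": "trading-app-demo",
    "version": "1.1.0",
    "sha256": sha256_hex(GENUINE_UPDATE),
}
GENUINE_SIGNATURE = sign_manifest(GENUINE_MANIFEST, VENDOR_KEY)


def scenarios() -> dict:
    """Run the client-side check against four constructed update deliveries."""
    results = {}
    # 1. The genuine release: installs.
    results["genuine"] = verify_update(
        GENUINE_MANIFEST, GENUINE_SIGNATURE, GENUINE_UPDATE, "1.0.0")
    # 2. Binary swapped on the update server, manifest left untouched.
    results["swapped_payload"] = verify_update(
        GENUINE_MANIFEST, GENUINE_SIGNATURE, TROJANIZED_UPDATE, "1.0.0")
    # 3. Attacker rewrites the manifest to match the swapped binary but does
    #    not hold the vendor key, so the signature fails.
    forged = dict(GENUINE_MANIFEST, sha256=sha256_hex(TROJANIZED_UPDATE))
    forged_sig = sign_manifest(forged, b"attacker-guessed-key")
    results["forged_manifest"] = verify_update(
        forged, forged_sig, TROJANIZED_UPDATE, "1.0.0")
    # 4. Replay of a correctly signed release the client already runs.
    results["replay"] = verify_update(
        GENUINE_MANIFEST, GENUINE_SIGNATURE, GENUINE_UPDATE, "1.1.0")
    return results


if __name__ == "__main__":
    for name, (ok, reason) in scenarios().items():
        print(f"{name:16} -> {'INSTALL' if ok else 'REJECT '} ({reason})")
```

The check only helps when the signing key is held by someone the attackers are not. In the incident described here the software came from the attackers' own company, so the "vendor" would have signed the trojanized update happily; against that, the workstation-side controls that still matter are allow-listing of what may run on machines that reach the exchange's network and monitoring of outbound connections from freshly installed software.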

Lessons learned

We're so bloody clever, eh? But above all we have to realise that most of the time intrusions come from human error. We're too trusting. When the first ransomware spread, it was disguised as Iberdrola bills that we opened without thinking; then as an email saying we had a parcel to pick up (had you actually sent anything to anyone?); before that, phishing attacks told us something strange had been detected in our bank account and that we had to enter our credentials to fix it and avoid being blocked… or even the number and PIN of our credit card! And before that, we got an email saying "I'm sending you the photos of Claudia Schiffer" (yes, I'm from Claudia Schiffer's era, although she never particularly caught my eye) and when we clicked, it wasn't Claudia Schiffer. They keep trying to fool us because they know we bite, so be very careful before clicking on links or unsolicited attachments that reach us by email, by WhatsApp or by any other channel; it's worth stopping for 30 seconds to think whether what we're reading is really what it claims to be.

Carlos Sahuquillo
