According to Patrick Wardle, Apple Mac security expert and chief security researcher at Jamf, the hackers created a fake company with an official website called JMT Trading.
They also created an open source cryptocurrency trading application and published it on GitHub. However, this code hid malware which, when downloaded to a Mac computer, enabled the hacker to take control of the device. As Wardle said in a blog post: “Remote command capability clearly gives a remote attacker complete and expandable control of the infected macOS system.”
Hackers could then reach out to administrators and users on cryptocurrency trading platforms, asking them to try and evaluate their new application, thus gaining access to an even larger target audience.
North Korea has repeatedly attempted to infiltrate cryptocurrency funds and has succeeded to some extent. In August it was reported to have earned up to $2 billion, thanks to a series of attacks on banks and companies dealing with cryptocurrency. Some of this money appears to finance the state's efforts to develop weapons of mass destruction.
This latest attack on macOS follows a strategy similar to a previous campaign, tracked by Kaspersky in August 2018. In that case too, a fake cryptocurrency company was created.
But Wardle says ordinary citizens are not at risk of being infected by this malware, only those who work for a digital currency trading company.