The Russia-based security firm Kaspersky Lab has just released a detailed report on the ‘AppleJesus’ operation, which hit an unnamed exchange. The malware was deployed by a notorious Korean cybercrime organization known as Lazarus. In recent months, the group has infiltrated banks and global cryptocurrency exchanges.
The discovery of operation AppleJesus
Kaspersky was investigating an unnamed exchange that had been attacked by Lazarus and discovered the trojanized cryptocurrency trading application. An employee of the company had downloaded a third-party application that had been recommended via company email. The website looked legitimate, and the payload it delivered is known as FallChill, malware that Lazarus is known to use.
The malicious code was not inserted into the website, as this would have been too obvious. A trading application known as Celas Trade Pro looked genuine, but the update to the application contained the malware. Despite carrying a valid digital signature, the updater.exe file was designed to collect user data, encrypt it, and send it back to the hackers. Once it ran, the host computer was compromised. The same procedure applies to macOS machines; in that case, the updater file is called .com.celastradepro.plist.
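A hidden, dot-prefixed launchd plist is exactly the kind of persistence artifact a defender can audit for. The following is an added example, not code from the article or from Kaspersky's report: it parses constructed launchd plists (the program path and the benign job are assumptions) and flags hidden filenames, always-on persistence, and filename/Label mismatches.

```python
import plistlib
from pathlib import PurePosixPath

# Constructed samples: a hidden plist named as the article describes, and a
# benign job for contrast. The program path below is an assumption.
HIDDEN = "/Library/LaunchDaemons/.com.celastradepro.plist"
BENIGN = "/Library/LaunchDaemons/com.example.backup.plist"
SAMPLE_PLISTS = {
    HIDDEN: b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.celastradepro</string>
  <key>ProgramArguments</key><array>
    <string>/Applications/CelasTradePro.app/Contents/MacOS/Updater</string>
  </array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict></plist>""",
    BENIGN: b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.backup</string>
  <key>Program</key><string>/usr/local/bin/backup</string>
  <key>RunAtLoad</key><true/>
</dict></plist>""",
}


def audit_launchd_plist(path: str, data: bytes) -> list[str]:
    """Return the reasons this launchd job deserves analyst review."""
    findings = []
    name = PurePosixPath(path).name
    if name.startswith("."):
        findings.append("hidden plist (dot-prefixed filename)")
    try:
        job = plistlib.loads(data)
    except Exception as exc:  # malformed or non-XML plist: still worth a look
        findings.append(f"unparseable plist: {exc}")
        return findings
    if job.get("RunAtLoad") and job.get("KeepAlive"):
        findings.append("always-on persistence (RunAtLoad + KeepAlive)")
    label = job.get("Label", "")
    if label and name.lstrip(".") != f"{label}.plist":
        findings.append(f"filename does not match Label {label!r}")
    return findings


def audit_all(plists: dict[str, bytes]) -> dict[str, list[str]]:
    """Audit every plist and return only the jobs that produced findings."""
    results = {p: audit_launchd_plist(p, d) for p, d in plists.items()}
    return {p: f for p, f in results.items() if f}


if __name__ == "__main__":
    for path, reasons in audit_all(SAMPLE_PLISTS).items():
        print(path, "->", "; ".join(reasons))
```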
Because the code's author developed the project under the codename ‘Jesus’ and it is the first cryptovirus of its kind to target macOS as well as Windows, the operation was aptly named AppleJesus.
More security needed in the crypto exchange industry
While anybody could have fallen for the download, it is usually company policy never to open email or message attachments, as they are a primary vector for social engineering. A crypto exchange employee should arguably have known better, and the company itself should have had more rigorous standards for downloading and installing applications.
The number of cryptocurrency exchanges being hacked is on the rise, and the situation seems to be getting worse, not better. According to the latest reports, there is also a rise in cybercrime in general. Hackers are getting more inventive, and a number of increasingly sophisticated and elaborate scams are taking place, particularly in China, with heists involving over one million computers.
Users are advised to keep crypto funds in hardware wallets, or at least in a local wallet. Funds are simply not safe on exchanges, and it is obvious that hackers currently have a definite advantage over security personnel. Operation AppleJesus is ongoing, and the suspects, like most, have not been caught. According to Kaspersky, a Linux version of the malware is on its way.
Digital Nomad with an interest in Zen and Blockchain technology.
Law graduate with 3 years experience as a consultant in the capital markets industry and 4 years experience freelancing on UpWork as a Creative Writer.