You can never be too careful with security, even on a Mac.
Per AppleInsider, a trio of malicious macOS apps found online has been tied to North Korea. The report, which was published by Jamf Threat Labs, noted that the apps were developed using Google’s Flutter platform and carry names like “New Updates in Crypto Exchange,” “New Era for Stablecoins and DeFi, CeFi,” and “Runner.” Once opened, the apps don’t match their names; they either include a basic minesweeper game or pose as a note-taking app. The apps also include malware that initially passed Apple’s automated security systems on macOS because they were made with what was seen as a “legitimate” developer ID.
Once installed, the apps make network requests to a domain tied to the North Korean regime. From there, they can potentially download more malicious scripts that can ultimately give hackers access to a victim’s computer.
Apple has since revoked the apps’ signatures, and the applications will no longer be seen as safe to use on a macOS device.
It’s presently unknown whether these apps successfully targeted any victims, but it’s another sign that North Korea is continuing to target the crypto market. North Korea has swiped billions in ill-gotten crypto gains by running various crypto scams, exploiting vulnerabilities in blockchain systems, using the old Internet Explorer browser, and spamming victims with phishing emails that contain malware.
As always, in order to keep your devices safe, use two-factor authentication and a password management app. This way, a hacker would have to gain access to both your phone and your Mac to execute any transactions, and your antivirus software can detect threats in real time.
Stay tuned for additional details as they become available.
Via PCMag, AppleInsider, and Jamf Threat Labs