Lazarus APT Group, a group of hackers allegedly from North Korea have generated another piece of malware targeting Apple Macs. The software is promoted by way of a fake cryptocurrency firm.

Apple Mac security specialist and chief security researcher for Jamf, Patrick Wardle described the malware, as discovered by MalwareHunterTeam (MHT) researchers.

MHT and Wardle have cautioned that at the time of their warning, the malware went undetected by various virus detection systems, developed along the same lines as previous macOS crypto-malware.

The Lazarus APT group (DPKR ??) is all about macOS backdoors these days!

?? New blog post tears apart their latest (undetected) creation: https://t.co/EzClx4bBfN

Post covers:
? infection
? persistence
⚙️ capabilities
?️ detection/IOCs
…and more!

H/T @malwrhunterteam pic.twitter.com/j9If1hWEIr

— patrick wardle (@patrickwardle) October 13, 2019

As with the previous crypto attack, the hackers have created a bogus cryptocurrency company called JMT Trading. They modified the code for an open-source cryptocurrency trading platform, uploaded it to GitHub, and spread the malware to unsuspecting downloaders by way of a backdoor script.

With this malware installed, a remote hacker is able to have complete control and command over infected computers running MacOS.

Patrick Wardle reports that the most likely targets of this malware are crypto exchange employees who are more likely to download the software than less technical retail investors.

Lazarus Group is estimated to have used its cybercrime expertise to steal $571M in digital assets over the past year. They are also suspected of involvement in the $532M NEM hack on the Japanese exchange, Coincheck.

Anne Neuberger, manager of the National Security Agency (NSA) Cybersecurity Directorate in the US lay blame on North Korea as the state sponsor of these attacks.