North Korean hackers have learned to bypass macOS security and seize remote access to Mac

Cybercriminals have used Google’s Flutter platform to create malware disguised as cryptocurrency apps that ultimately allow remote access to the victim’s Apple Mac. According to a report from Jamf Threat Labs, at least three malicious macOS applications found online are linked to North Korea.

Image source: crypto-news-flash.com

According to AppleInsider, the malicious applications were developed using Google’s Flutter platform and were named New Updates in Crypto Exchange, New Era for Stablecoins and DeFi, CeFi, CeFi”) and Runner (“Runner”). All of them are completely inconsistent with their names – they either include the Minesweeper game or pretend to be a note-taking app.

In fact, each of the apps contains malware that can bypass Apple’s automated security systems on macOS devices because it is created with a legitimate developer ID. The malicious apps send network requests to the North Korean domain to download malicious scripts that could ultimately give hackers access to the victim’s computer.

Apple has already responded to the threat and revoked app signatures, so macOS will no longer consider them secure. However, experts advise taking extra precautions. It is highly recommended to use two-factor authentication and a dedicated secure password management application, especially when using cryptocurrency.

And the crypto-phrase itself should not be stored digitally at all, even inside a password-protected application. The best option is to write it down on paper and store it in a locked box, safe, or other safe place.

To date, no reliable information has been provided about victims of North Korean malicious applications. However, experts believe that their activity is another sign that North Korean hackers are targeting the cryptocurrency sector. Analysts say North Korea has stolen billions of dollars through crypto scams, exploiting vulnerabilities and sending phishing emails to victims.

Image source: CNN

It should be noted that evidence of these atrocities by North Korean hackers is not publicly available, but, in accordance with modern trends, even unfounded accusations are enough to create the image of a deadly enemy.