North Korean Malware Targets macOS Users by Evading Apple Notarization

WikiBit 2024-11-13 17:13

According to Cointelegraph, North Korean hackers appear to have developed malware capable of bypassing Apple’s security checks.

Researchers at Jamf Threat Labs, specializing in Apple security, stated that the identified applications seem to be experimental. This marks the first time this technique has been observed targeting Apple‘s macOS operating system, although it does not work on the latest macOS versions. The researchers found that Microsoft’s VirusTotal online scanning service flagged these apps as harmless, while in reality, they contain malicious code. Variants of the malware are written in Go and Python and utilize Googles Flutter application framework, an open-source toolkit for building cross-platform applications.

Out of six malicious applications identified, five were signed with developer accounts and temporarily notarized by Apple. The researchers noted that the malware‘s domains and techniques bear strong similarities to those used in other North Korean hacker campaigns. There is evidence suggesting that this malware was signed and even temporarily passed Apple’s notarization process. However, it remains unclear whether the malware has been deployed in any actual attacks or if the attackers are preparing for a new method of distribution. It is likely that this is part of a broader weaponization test.

Disclaimer：

The views in this article only represent the author's personal views, and do not constitute investment advice on this platform. This platform does not guarantee the accuracy, completeness and timeliness of the information in the article, and will not be liable for any loss caused by the use of or reliance on the information in the article.