A South Korean security expert says he is “unsurprised” by allegations that hackers from the North have developed a so-called “fake crypto app” that allows them to seize control of computers. The expert says Pyongyang cyber-criminals are becoming more “technologically adroit” in their methods of stealing cryptocurrencies and targeting crypto traders.
Seoul-based cybersecurity consultant Kim Yo-seb told Cryptonews.com,
“This sort of thing is right up their street. The North’s hackers have been sending out cryptojacking malware and ransomware in email links and attachments – primarily to South Korean users – for years. I suppose that developing fake cryptocurrency apps for the wider world is just the next logical step. I wouldn’t be shocked to learn that they are planning a new cryptocurrency-related raid that is yet more technologically adroit.”
A recent blog post from Patrick Wardle, an Apple security specialist and the principal security researcher at Jamf, claimed that the notorious Lazarus hacker group of Pyongyang has created a fake company named JMT Trading, complete with a legitimate-looking website.
The “fake company” then created what it claimed was an open-source cryptocurrency trading app for Apple computers, and shared it on GitHub. But Wardle claims that the code in fact contains malware that gives hackers unrestricted access to Mac devices.
Wardle told Forbes that the fake company could “go a step further by contacting administrators and users of cryptocurrency exchanges, asking them to test and review their new app.” If they are successful, said Wardle, they could win the confidence of an “official cryptocurrency vendor and start infecting targets.”
Kim told Cryptonews.com,
“Most smaller crypto exchanges have very low levels of security. They are low-hanging fruit for professional hackers like these.”
The North has made no secret of its fast-developing cryptocurrency plans – with recent claims that it is working on a token of its own, as well as exchanges and wallet services.