Illegal affair in Mac operating system proceeds to increase, with malware makers producing out bugs that aim users of the popular operating system Apple. Discovered by Trend Micro as 'backdoor.macOS.nukespeed,' a new modification of a Mac backdoor is associated with the cyber-criminal club Lazarus, which was recently infamous for targeting Korean organizations with a crafted MS Excel spreadsheet.
Connections to a first Lazarus routine-
A malicious sample that was discovered by a twitter user named cyberwar_15 was analyzed, and the experts found that the virus used an embedded excel sheet to target the user. This kind of attack is similar to the one which was conducted by the Lazarus group. But, contrary to the earlier hack which includes many routines based on the Operating system the Excel sheet is running on, the embedded macro in this catalog will simply work a PowerShell text that joins to 3 C&C servers, established by the group Lazarus.
The Mac package also holds fake and genuine Flash Players-
Aside from the examined specimen, Qianxin Technology and @cyberwar_15 also found an inhospitable Mac application package doubted to be connected to the crime as it yields alike C&C servers with crafted spreadsheets. But, this is merely a bait as the original flash player file is carried as a concealed Mac OS catalog. The package holds 2 adobe flash player files, one being a genuine version while the other a fake version named as 'trojan.macOS.nukesped.b.' The application will operate on the micro-size flash player file as its primary actor, which is the fake variant that simply acts as an 'adobe flash player'. To hide the malicious hacking activity, the virus runs the genuine flash player to do the trick.
Conclusion-