Mac Backdoor Linked to Lazarus Targets Korean Users
We analyzed a new variant of a Mac backdoor attributed to the cybercriminal group Lazarus, observed to be targeting Korean users with a macro-embedded Microsoft Excel spreadsheet and a malicious Adobe Flash component for persistence.
Criminal interest in macOS continues to grow, with malware authors churning out more threats that target users of the popular OS. Case in point: a new variant of a Mac backdoor (detected by Trend Micro as Backdoor.MacOS.NUKESPED.A) attributed to the cybercriminal group Lazarus, which was observed targeting Korean users with a macro-embedded Microsoft Excel spreadsheet.
Similarities to an earlier Lazarus iteration
We analyzed a malicious sample first discovered by Twitter user cyberwar_15, and found that it used an Excel document with an embedded macro, which is similar to a previous attack by the Lazarus group.
Figure 1. The spreadsheet displays a fairly well-known psychological test (similar to one found here); …
IoC