The North Korea-linked cyberthreat group known as Lazarus Group has added to its arsenal of spy gear a new variant of the Dacls remote-access trojan (RAT), designed specifically for the Mac operating system. Dacls was first discovered last December targeting Windows and Linux platforms. The new version for Mac is now spreading via a trojanized two-factor authentication (2FA) application for macOS called MinaOTP, mostly used by Chinese speakers, according to a Malwarebytes analysis.
The North Korean Lazarus group is one of the most notorious state-sponsored actors out there. This latest attack is particularly interesting for two reasons. Firstly, it is targeting Mac users specifically – a trend that we've been seeing an increase of over the years as Macs become a popular choice for organisations and consumers. Secondly, the fact that the RAT hides in a two-factor authentication app is particularly devious as it takes a user's desire for extra security and turns it against them. Users should always be wary of the apps they download and their sources. They should only download apps from official sources and not through third-party app stores or through links emailed to them. When in doubt, users should consult with their IT department as to which apps are approved and how to get them installed.