Comment: Lazarus Group Hides macOS Spyware In 2FA Application

By   ISBuzz Team
Writer , Information Security Buzz | May 08, 2020 07:16 am PST

The North Korea-linked cyberthreat group known as Lazarus Group has added a new variant of the Dacls remote-access trojan (RAT) to its arsenal of spy gear, designed specifically for the Mac operating system. Dacls was first discovered last December targeting Windows and Linux platforms. The new version for Mac is now spreading via a trojanized two-factor authentication (2FA) application for macOS called MinaOTP, mostly used by Chinese speakers, according to a Malwarebytes analysis.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Javvad Malik
Javvad Malik , Security Awareness Advocate
May 8, 2020 3:17 pm

The North-Korean Lazarus group is one of the most notorious state-sponsored actors out there. This latest attack is particularly interesting for two reasons. Firstly, it is targeting Mac users specifically – a trend that we\’ve been seeing an increase of over the years as Macs become a popular choice for organisations and consumers. Secondly, the fact that the RAT hides in a two-factor authentication app is particularly devious as it takes a user\’s desire for extra security and turns it against them. Users should always be wary of the apps they download and their sources. They should only download apps from official sources and not through third-party app stores or through links emailed to them. When in doubt, users should consult with their IT department as to which apps are approved and how to get them installed.

Last edited 3 years ago by Javvad Malik

Recent Posts

Would love your thoughts, please comment.x