Comment: Lazarus Group Hides macOS Spyware In 2FA Application

The North Korea-linked cyberthreat group known as Lazarus Group has added a new variant of the Dacls remote-access trojan (RAT) to its arsenal of spy gear, designed specifically for the Mac operating system. Dacls was first discovered last December targeting Windows and Linux platforms. The new version for Mac is now spreading via a trojanized two-factor authentication (2FA) application for macOS called MinaOTP, mostly used by Chinese speakers, according to a Malwarebytes analysis.

Experts Comments

May 08, 2020
Javvad Malik
Security Awareness Advocate
KnowBe4
The North-Korean Lazarus group is one of the most notorious state-sponsored actors out there. This latest attack is particularly interesting for two reasons. Firstly, it is targeting Mac users specifically - a trend that we've been seeing an increase of over the years as Macs become a popular choice for organisations and consumers. Secondly, the fact that the RAT hides in a two-factor authentication app is particularly devious as it takes a user's desire for extra security and turns it against.....Read More
The North-Korean Lazarus group is one of the most notorious state-sponsored actors out there. This latest attack is particularly interesting for two reasons. Firstly, it is targeting Mac users specifically - a trend that we've been seeing an increase of over the years as Macs become a popular choice for organisations and consumers. Secondly, the fact that the RAT hides in a two-factor authentication app is particularly devious as it takes a user's desire for extra security and turns it against them. Users should always be wary of the apps they download and their sources. They should only download apps from official sources and not through third-party app stores or through links emailed to them. When in doubt, users should consult with their IT department as to which apps are approved and how to get them installed.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Share on facebook
Share on twitter
Share on linkedin

Recent Posts

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts