Unknown hackers launched an attack on a Japanese cryptocurrency exchange, infecting its macOS computers with JokerSpy malware. Elastic Security Labs, tracking the attackers under the code name REF9134, reported the incident.
JokerSpy: A Sophisticated macOS Hacking Toolkit
JokerSpy is a sophisticated toolkit specifically designed to target macOS-based machines. It was recently described by Bitdefender. Comprising various programs written in Python and Swift, JokerSpy enables data collection and execution of arbitrary commands on infected hosts.
One of the key components of JokerSpy is a self-signed binary file called “xcc,” which checks for full disk access and screen write permission. The file is disguised as XProtectCheck, imitating the built-in antivirus technology in macOS.
Targeting a Major Japanese Cryptocurrency Service Provider
The target of the attack was an established Japanese cryptocurrency service provider that specialized in trading assets such as Bitcoin, Ethereum, and other well-known cryptocurrencies. The organization's name has not been made public.
The "xcc" binary was executed via Bash from three separate programs: IntelliJ IDEA, iTerm (a macOS terminal emulator), and Visual Studio Code.
Another Python implant, called sh.py, was deployed as part of the attack to serve as a delivery mechanism for additional post-exploitation tools such as Swiftbelt.
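The two behaviours described above (xcc started by a shell spawned from a development tool, and a self-signed binary carrying an XProtect-style name) translate into a simple process-lineage check. The following is an added detection sketch, not code from Elastic or Bitdefender; it runs over constructed process-start events, and the process names for the three launcher applications are assumptions.

```python
import json

# Process names assumed for the three launchers the article names (assumption).
DEV_TOOLS = {"idea", "iTerm2", "Code"}
SHELLS = {"bash", "sh", "zsh"}

# Constructed sample process-start events (JSON lines), not real telemetry.
SAMPLE_EVENTS = """
{"pid": 100, "ppid": 1,   "name": "idea",          "signer": "Developer ID"}
{"pid": 101, "ppid": 100, "name": "bash",          "signer": "Apple"}
{"pid": 102, "ppid": 101, "name": "xcc",           "signer": "self-signed"}
{"pid": 200, "ppid": 1,   "name": "iTerm2",        "signer": "Developer ID"}
{"pid": 201, "ppid": 200, "name": "bash",          "signer": "Apple"}
{"pid": 202, "ppid": 201, "name": "ls",            "signer": "Apple"}
{"pid": 301, "ppid": 1,   "name": "XProtectCheck", "signer": "self-signed"}
"""

def parse_events(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def ancestry(event, by_pid, depth=3):
    """Names of the process and its ancestors, nearest first."""
    names, pid = [], event["pid"]
    while pid in by_pid and len(names) < depth:
        names.append(by_pid[pid]["name"])
        pid = by_pid[pid]["ppid"]
    return names

def find_jokerspy_indicators(events):
    """Return (pid, reason) pairs for the two behaviours the article describes."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        chain = ancestry(e, by_pid)
        # 1. xcc started by a shell that was itself spawned from an IDE/terminal
        if (e["name"] == "xcc" and len(chain) == 3
                and chain[1] in SHELLS and chain[2] in DEV_TOOLS):
            hits.append((e["pid"], f"xcc launched via {chain[2]} -> {chain[1]}"))
        # 2. XProtect-lookalike name that does not carry Apple's signature
        if "xprotect" in e["name"].lower() and e["signer"] != "Apple":
            hits.append((e["pid"], f"{e['name']} not Apple-signed ({e['signer']})"))
    return hits

if __name__ == "__main__":
    for pid, why in find_jokerspy_indicators(parse_events(SAMPLE_EVENTS)):
        print(pid, why)
```

The benign `ls` under iTerm2 is not flagged, which is the point of checking the full chain rather than the shell alone.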
macOS users are urged to be cautious and to avoid downloading questionable files or software from untrustworthy websites. Using reliable antivirus software, keeping the operating system and applications up to date, and maintaining preventive measures are also essential for protecting data and cryptocurrency holdings from potential attackers.