• Mon. Jun 17th, 2024

Japanese Exchange Hit by JokerSpy Attack

Avatar photo

ByMarcel Bich

Jul 31, 2023
Japanese Exchange Hit by JokerSpy Attack
Marcel Bich
Latest posts by Marcel Bich (see all)

Unknown hackers launched an attack on a Japanese cryptocurrency exchange, infecting its macOS computers with JokerSpy malware. Elastic Security Labs, tracking the attackers under the code name REF9134, reported the incident.

JokerSpy: A Sophisticated macOS Hacking Toolkit

JokerSpy is a sophisticated toolkit specifically designed to target macOS-based machines. It was recently described by Bitdefender. Comprising various programs written in Python and Swift, JokerSpy enables data collection and execution of arbitrary commands on infected hosts.

One of the key components of JokerSpy is a self-signed binary file called “xcc,” which checks for full disk access and screen write permission. The file is disguised as XProtectCheck, imitating the built-in antivirus technology in macOS.

Targeting a Major Japanese Cryptocurrency Service Provider

An established Japanese crypto supplier that specialized in trading assets like Bitcoins, Ethereum, and other well-known cryptocurrencies was the target of the assault. The organization’s name is not public knowledge.

Through the use of three separate programs – IntelliJ IDEA, iTerm (a macOS terminal emulator), and Visual Studio Code – the “xcc” binary is run using Bash.

Another Python implant called sh.py is deployed as part of the assault to serve as a delivery mechanism for additional post-exploitation tools like Swiftbelt.

Users of MacOS are urged to use caution and to refrain from downloading questionable files or software from shady websites. Additionally essential for defending data and Bitcoin from prospective hackers are the usage of dependable antivirus software, updating the operating system and programs, and maintaining preventative measures.

 
Avatar photo

Marcel Bich

Marcel ‘s passion for the world of cryptocurrencies and his comprehensive knowledge of blockchain technology make him an invaluable asset to our team. He stays updated on the latest trends, regulations, and emerging technologies in the crypto space, ensuring that our audience receives accurate and up-to-date information.