How North Korean hackers are using crypto apps to target Apple Mac devices

Hackers target macOS

North Korean hackers have reportedly developed a new malware that has evaded the stringent Apple security checks and embedded malware within Google’s Flutter applications. The hackers are reportedly using this app’s development tool to bypass security measures and infect Mac devices. Further, the hackers are targeting cryptocurrency-related businesses with multi-stage malware.

According to a report by AppleInsider, researchers at Jamf Threat Labs have uncovered malware embedded in macOS devices that look harmless on the surface. However, using popular app-building tools, like Google’s Flutter, cybercriminals have bypassed typical security measures and made consumers download a fake PDF file via phishing emails allegedly providing vital information about cryptocurrency.

Starting in November 2024, Jamf Threat Labs researchers have discovered multiple apps on VirusTotal that appeared to completely bypass all antivirus scans yet showcased "stage one" functionality, connecting to servers associated with North Korean threat actors. In particular, one variant, hidden within a fake crypto exchange game and built with Google's Flutter, downloads malicious scripts to remotely control infected Mac devices.

Moreover, another variant, disguised as a notepad app, utilises confusing AppleScripts to install malware. Once opened, though, the malware file starts a background download process on macOS machines, allowing BlueNoroff to remotely access and gather secret keys to digital cryptocurrency wallets.

Therefore, macOS users are advised to download apps from the Mac App Store only, which ensures stricter security settings are followed, and its timely software updates can help mitigate risks.