admin 7 months ago

Japanese Cryptocurrency Exchange Hit by JokerSpy Attack

Unidentified attackers have compromised a Japanese cryptocurrency exchange and installed JokerSpy malware on its macOS systems. The intrusion was disclosed by Elastic Security Labs, which tracks the attackers under the code name REF9134.

JokerSpy is a powerful toolkit designed to target macOS systems. It was first described by Bitdefender last week. JokerSpy consists of numerous programs written in Python and Swift that allow the collection of data and execution of arbitrary commands on compromised hosts.


One of the fundamental components of JokerSpy is a self-signed program called "xcc" that checks for full disk access and screen recording permissions. The file is signed as XProtectCheck, which suggests an attempt to disguise itself as XProtect, the built-in antivirus technology in macOS.


“On June 1, a new Python tool was spotted that ran from the same directory as xcc and was used to run an open-source post-operational tool for macOS called Swiftbelt,” claimed Elastic security experts.


The hack targeted a prominent Japanese cryptocurrency service provider specializing in asset swaps to exchange Bitcoin, Ethereum, and other mainstream cryptocurrencies. The name of the company was not divulged.


The "xcc" binary is executed with Bash through three distinct applications: IntelliJ IDEA, iTerm (terminal emulator for macOS), and Visual Studio Code.


Another module loaded as part of the attack is sh.py, a Python implant that is used as a conduit for delivering other post-exploitation tools, such as Swiftbelt.
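
The behaviours described above (a binary signed as XProtectCheck without an Apple signature, launched through Bash from a developer tool, with a Python implant running from the same directory) can be combined into a triage rule over process events. This is an added example, not code from Elastic, Bitdefender or the original post; the event schema, the `<staging-dir>` placeholder and the sample events are constructed assumptions.

```python
DEV_TOOLS = {"IntelliJ IDEA", "iTerm", "Visual Studio Code"}  # launchers named in the report

# Assumed event schema for this example (not a real EDR format).
def ev(pid, ppid, name, directory, signing_id=None, apple_anchor=False):
    return {"pid": pid, "ppid": ppid, "name": name, "dir": directory,
            "signing_id": signing_id, "apple_anchor": apple_anchor}

# Constructed events. "<staging-dir>" is a placeholder: the page gives no path.
EVENTS = [
    ev(10, 1, "Visual Studio Code", "/Applications"),
    ev(11, 10, "bash", "/bin", apple_anchor=True),
    ev(12, 11, "xcc", "<staging-dir>", signing_id="XProtectCheck"),
    ev(13, 11, "sh.py", "<staging-dir>"),
    ev(20, 1, "iTerm", "/Applications"),
    ev(21, 20, "bash", "/bin", apple_anchor=True),
    ev(22, 21, "git", "/usr/bin", apple_anchor=True),
    # Constructed negative case: XProtect-like identifier, but Apple-anchored.
    ev(30, 1, "apple-tool", "/usr/libexec", signing_id="XProtectExample", apple_anchor=True),
]

def masquerades_as_xprotect(e):
    """Signing identifier claims an XProtect name without an Apple-anchored signature."""
    return (e["signing_id"] or "").lower().startswith("xprotect") and not e["apple_anchor"]

def ancestors(e, by_pid):
    """Ancestor process names, nearest first; stops on unknown parents or loops."""
    names, seen = [], {e["pid"]}
    while e["ppid"] in by_pid and e["ppid"] not in seen:
        seen.add(e["ppid"])
        e = by_pid[e["ppid"]]
        names.append(e["name"])
    return names

def triage(events):
    """Return {pid: finding} for masquerading binaries and their directory neighbours."""
    by_pid = {e["pid"]: e for e in events}
    bad_dirs = {e["dir"] for e in events if masquerades_as_xprotect(e)}
    findings = {}
    for e in events:
        if masquerades_as_xprotect(e):
            reason = "xprotect-masquerade"
        elif e["dir"] in bad_dirs:
            reason = "runs-from-masquerade-dir"
        else:
            continue
        chain = ancestors(e, by_pid)
        findings[e["pid"]] = {"name": e["name"], "reason": reason,
                              "launcher": next((n for n in chain if n in DEV_TOOLS), None)}
    return findings
```

Calling `triage(EVENTS)` flags only the `xcc` and `sh.py` events and attributes both to the developer tool at the top of their process chain; ordinary tools started from the same kind of shell are left alone.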


macOS users should be careful not to download malicious files or apps from untrusted sources. It is also essential to use effective antivirus software and to frequently update the system and applications to protect data and bitcoin from hackers.
