North Korean Malware Targets Windows, macOS and Linux
Cybersecurity researchers at ReversingLabs claim that a recent malicious cyber campaign targeting macOS, Linux, and Windows systems was carried out by the North Korean threat group Lazarus.
The VMConnect campaign, spotted in early August, consists of two dozen “malicious Python packages” posted on the openly accessible PyPI software repository. After observing the campaign for a few weeks, ReversingLabs detected three more packages that belong to the VMConnect family.
According to Innovation News Network, analysis of the malicious packages and their decrypted payloads reveals links to previous campaigns attributed to Labyrinth Chollima, an offshoot of the North Korean state-sponsored Lazarus Group.
ReversingLabs adds that JPCERT made a similar attribution, linking the attack it uncovered to DangerousPassword, another subsidiary of the Lazarus Group.