According to Naked Security, Patrick Wardle and K7 Security's Dinesh Devadoss have caught North Korea's Lazarus Group attempting to insinuate another fileless Trojan into the macOS ecosystem. The malware presents itself as a cryptocurrency trading app. Once the installer has run, the second-stage payload is loaded and executed directly in memory rather than being written to disk, which is what makes it "fileless" and harder to spot with file-based scanning. Its purpose isn't entirely clear, but it appears to be financial: cryptocurrency theft. Fortunately, macOS users will see two big red flags waved in front of them should they decide to download the app. First, a pop-up warns that the installer is unsigned, and, second, there's a prompt asking the user to grant the installer root access, which is rarely a good idea for software of unknown provenance.
Bayerische Rundfunk reported at the end of last week that Ocean Lotus (also known as APT32), a hacking group associated with the government of Vietnam, has been detected in the networks of both BMW and Hyundai. Neither company would directly answer the news service's questions. BMW responded with generalities about the company's security posture, the need for discretion in talking about specific cybersecurity incidents, and so forth, along with reassurances that it is addressing any security issues. According to ZDNet, the company monitored Ocean Lotus's intrusions into its networks for a few months before finally expelling the hackers at the end of November.
Bayerische Rundfunk also notes that Ocean Lotus seems to have established websites spoofing those belonging to BMW and Hyundai, and that those spoofs may have in some way figured into the attacks. Engadget reports the episode as an instance of cyberespionage, with trade secrets as the probable target, noting that Vietnam has in recent years entered the automobile market with its own manufacturer. BMW is a parts supplier to Vietnam’s domestic producer, and that may have contributed to its selection as a target. Hanoi's national champion, VinFast, has been in operation for a little more than a year. As ZDNet points out, BMW and Hyundai aren’t the first companies to draw the interest of Vietnam’s industrial espionage operators: Toyota was an Ocean Lotus target earlier this year. Given that BMW at least was apparently aware of, and monitoring, Ocean Lotus activity in its networks for some time before it finally ejected the threat actor, we might expect to see research detailing the group's tactics, techniques, and procedures.