Week 41, 2019

Dark Arts | AppleJeus | GitLab | Muhstik

What a fun week! GitLab got DoS-ed briefly by someone mining bitcoin using CI jobs, a victim of Muhstik ransomware hacked the attacker’s infrastructure and dropped all of the decryption keys, details of the Ethereum Dark Arts exploit are now public, and there were other happenings in the blockchain security world.

Hacks

Crime

Vulnerabilities

Malware

  • Pass the AppleJeus - an excellent write-up by Objective-See of the new Lazarus group Mac backdoor posing as a cryptocurrency trading application called JMTTrader. The sample is related to a previous report by Kaspersky - Operation AppleJeus.

    Indicators:
    https://www[.]jmttrading[.]org
    https://beastgoc[.]com/grepmonux[.]php
    185[.]228[.]83[.]32
    74390fba9445188f2489959cb289e73c6fbe58e4
    /Library/LaunchDaemons/org.jmttrading.plist
    /Library/JMTTrader/CrashReporter

Research

Tools

Hope you enjoyed this week’s issue and see you next week!

