Cybersecurity experts at ESET have recently uncovered a significant supply chain attack targeting macOS devices, orchestrated by the Lazarus Group, which is known for its advanced cyber operations. This breach, which commenced in March 2023, involved the compromise of the X_TRADER software and the 3CX phone system apps, and affected unsuspecting users on both Windows and macOS platforms.
While macOS systems have traditionally been considered less vulnerable to malware compared to Windows devices, ESET’s telemetry data revealed a notable increase in detections following this incident. Nearly half of all macOS detections in the first half of 2023 were attributed to Potentially Unwanted Applications (PUAs), with Trojan detections experiencing a 16.8% surge, constituting 11.2% of all macOS detections during the same period.
Further investigations by ESET unveiled that malicious code was present in both Windows and macOS applications developed by 3CX. This compromise in the software build chain enabled the attackers to distribute a trojanized 3CX macOS application, identified as OSX/NukeSped.P and digitally signed in late January.
The compromised application was not detected by ESET telemetry until February 14, 2023, with a subsequent increase in detections towards the end of March. The impacted systems were predominantly located in Germany, the United Kingdom, France, the United States, and Canada. Although the primary objective of the attack was to distribute additional malware to select 3CX customers, only a few such cases were observed, mainly in France and Chile, targeting cryptocurrency companies on both Windows and macOS platforms.
It is worth noting that the 3CX supply chain attack originated from a previous supply chain attack on Trading Technologies’ X_TRADER software in 2022, underscoring the evolving threat landscape and the critical need for bolstered cybersecurity measures across all platforms.
This incident underscores the importance of remaining vigilant and implementing robust security measures to combat evolving cyber threats. For more insights into these attacks, interested individuals can refer to the ESET Threat Report H1 2023.