
MacBooks are being targeted by North Korean hackers: What to do


One of the most dangerous hacking groups linked to North Korea is now targeting MacBooks with malware previously used to infiltrate Windows and Linux systems.

As Tom's Guide reported, Malwarebytes researchers earlier this week discovered a Mac variant of the Dacls Remote Access Trojan (RAT) linked to North Korea's Lazarus group (also known as Hidden Cobra). 

This same attack was uncovered by Qihoo 360 NetLab in December of last year and was originally used to gain remote access to Windows and Linux machines. As Malwarebytes wrote, the newly discovered Mac version is being distributed through a "Trojanized" two-factor authentication app called MinaOTP, which is mostly used in China.

The Mac variant of the malware is capable of the same damage as the Linux version. It even shares the same code. "Similar to the Linux variant, it boasts a variety of features including command execution, file management, traffic proxying and worm scanning," Malwarebytes warns.

This means an attacker could remotely gain access to a system and have full control of the laptop or desktop. They would be able to launch software or download, read, write or delete files on a system. 

It's not clear how many systems, if any, have been exploited by the malware. 

What to do now

State-sponsored exploits like this one don't typically pose an immediate threat to everyday consumers. These types of attacks are almost always designed to go after politicians, celebrities or other high-profile targets, either for notoriety or financial gain. 

However, as Tom's Guide notes, North Korea's hackers, particularly the Lazarus group, have proven willing to go after anyone in their path in order to make money. The Lazarus group is best known as the primary suspect behind the devastating 2017 WannaCry attack that spread around the world, infecting more than 300,000 computers.

The best thing you can do to protect your MacBook is to download antivirus software. Malwarebytes, Microsoft, Kaspersky, and Trend Micro already have measures in place to guard against these types of attacks.