Lazarus Group, the notorious hacking group with ties to the North Korean regime, has unleashed a new multi-platform malware framework with an aim to infiltrate corporate entities around the world, steal customer databases, and distribute ransomware.

Capable of targeting Windows, Linux, and macOS operating systems, the MATA malware framework — so-called because of the authors’ reference to the infrastructure as “MataNet” — comes with a wide range of features designed to carry out a variety of malicious activities on infected machines.

The MATA campaign is said to have begun as early as April 2018, with the victimology traced to unnamed companies in the software development, e-commerce, and internet service provider sectors in Poland, Germany, Turkey, Korea, Japan, and India, cybersecurity firm Kaspersky said in its Wednesday analysis.

The report offers a comprehensive look at the MATA framework, while also building on previous evidence gathered by researchers from Netlab 360, Jamf, and Malwarebytes over the past eight months.

Last December, Netlab 360 disclosed a fully functional remote administration Trojan (RAT) called Dacls targeting both Windows and Linux platforms that shared key infrastructure with that operated by the Lazarus Group.

Then in May, Jamf and Malwarebytes uncovered a macOS variant of Dacls RAT that was distributed via a trojanised two-factor authentication (2FA) app.

images from Hacker News