The infamous cybercrime group Lazarus has resurfaced with its new malicious operation AppleJeus, Kaspersky Lab's ‘Global Research and Analysis Team’ (GReAT) has discovered.

The group, known for its sophisticated operations and links to North Korea is noted not only for its cyberespionage and cybersabotage attacks, but also for financially motivated attacks.

The goal of the group’s attack was to steal cryptocurrency from their victims. In addition to Windows-based malware, researchers were able to identify a previously unknown version targeting the macOS platform.

A number of researchers, including at Kaspersky Lab, have previously reported on this group targeting banks and other large financial enterprises.

“For macOS users this case is a wakeup call, especially if they use their Macs to perform operations with cryptocurrencies,” said Vitaly Kamluk, Head of GReAT APAC team at Kaspersky Lab.

“The fact that they developed malware to infect macOS users in addition to Windows users and – most likely – even created an entirely fake software company and software product in order to be able to deliver this malware undetected by security solutions, means that they see potentially big profits in the whole operation, and we should definitely expect more such cases in the near future.”

According the investigation, the penetration of the stock exchange’s infrastructure began when an unsuspecting company employee downloaded a third-party application from the legitimate looking website of a company that develops software for cryptocurrency trading.

The attackers penetrated the network of a cryptocurrency exchange in Asia using infected cryptocurrency trading software.

The nefarious software then provides the attackers with almost unlimited access to the attacked computer, allowing them to steal valuable financial information or to deploy additional tools for that purpose.

Last year the Lazarus group was reported to have stolen US$60 million from the Far Eastern International Bank of Taiwan - just one of its many high-profile attacks.