Researchers have discovered previously unknown Mac malware infecting a cryptocurrency exchange. It contains a full suite of capabilities, including the ability to steal private data and download and execute new malicious files.
Dubbed JokerSpy, the malware is written in the Python programming language and makes use of an open-source tool known as SwiftBelt, which is designed for legitimate security professionals to test their networks for vulnerabilities. JokerSpy first came to light earlier this month in this post from security firm Bitdefender. Researchers for the company said they identified Windows and Linux components, suggesting that versions exist for those platforms as well.
Five days later, researchers for security firm Elastic reported that the diagnostic endpoint protection tool they sell had detected xcc, a binary file that’s part of JokerSpy. Elastic didn’t identify the victim other than to say it was a “prominent Japanese cryptocurrency exchange.”