New crypto malware attack on MacOS!

MacOS malware (REF7001) execution flow. Source: elastic.co

A new strain of malware called “KandyKorn” has been discovered on Apple’s macOS, which is believed to be linked to the North Korean hacking group Lazarus. This malware targets blockchain engineers of a cryptocurrency exchange platform and is capable of data retrieval, directory listing, file upload/download, secure deletion, process termination, and command execution.

The attackers spread Python-based modules via Discord channels by impersonating community members and tricking victims into downloading a malicious ZIP archive named “Cross-platform Bridges.zip.” The archive contains 13 malicious modules that work together to steal and manipulate information.

This incident shows that macOS is within Lazarus' targeting range and demonstrates the group's ability to build sophisticated, inconspicuous malware tailored for Apple computers. The cryptocurrency sector remains a prime target for Lazarus, whose primary motive is financial gain rather than espionage.

In related news, a recent exploit on Unibot, a popular Telegram bot used to snipe trades on the decentralized exchange Uniswap, resulted in the loss of approximately $560,000 worth of tokens. Blockchain analytics firm Scopescan alerted Unibot users about the ongoing hack, which was later confirmed by an official source. Unibot promised to compensate all users who lost funds due to the contract exploit.
