Apple MacOS malware targets crypto community and engineers
A new malware discovered on Apple’s macOS — tied to the North Korean hacking group Lazarus — has reportedly targeted blockchain engineers of a cryptocurrency exchange platform.
The macOS malware “KandyKorn” is a stealthy backdoor capable of data retrieval, directory listing, file upload/download, secure deletion, process termination and command execution, according to an analysis by Elastic Security Labs.
MacOS malware (REF7001) execution flow. Source: elastic.co
The above flowchart explains the steps taken by the malware to infect and hijack users’ computers. Initially, the attackers spread Python-based modules via Discord channels by impersonating community members.
The social engineering attacks trick community members into downloading a malicious ZIP archive named “Cross-platform Bridges.zip” — imitating an arbitrage bot designed for automated profit generation. However, the file imports 13 malicious modules that work together to steal and manipulate information. The report read:
“We observed the threat actor adopting a technique we have not previously seen them use to achieve persistence on macOS, known as execution flow hijacking.”
The cryptocurrency sector remains a primary target for Lazarus, primarily motivated by financial gain rather than espionage, their other main operational focus.
The existence of KandyKorn underscores that macOS is well within Lazarus’ targeting range, showcasing the threat group’s remarkable ability to craft sophisticated and inconspicuous malware tailored for Apple computers.
Related: Onyx Protocol exploiter begins siphoning $2.1M loot on Tornado Cash
A recent exploit on Unibot, a popular Telegram bot used to snipe trades on the decentralized exchange Uniswap, crashed the token’s price by 40% in one hour.
. @TeamUnibot seems exploited, the exploiter transfers memecooins from #unibot users and is exchanging them for the $ETH right now.
— Scopescan ( . ) (@0xScopescan) October 31, 2023
The current exploit size is ~$560K
Exploiter address: https://t.co/ysyTmgUAit pic.twitter.com/MF85Fdk892
Blockchain analytics firm Scopescan alerted Unibot users about an ongoing hack, which was later confirmed by an official source:
“We experienced a token approval exploit from our new router and have paused our router to contain the issue.”
Unibot committed to compensating all users who lost funds due to the contract exploit.
Magazine: Slumdog billionaire 2: ‘Top 10… brings no satisfaction’ says Polygon’s Sandeep Nailwal
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Trump’s meme token skyrockets 70% after VIP dinner invite
A whale spent over $4 million to buy VIRTUAL, WLD, COOKIE and other tokens
CloneX NFTs Hit a Wall as Images Vanish From OpenSea
SUI Jumps 73% After Grayscale and Mastercard Boost
SUI gains 73% in a week, driven by a Grayscale Trust listing and a strategic partnership with Mastercard.SUI Skyrockets After Major Institutional MovesMastercard Partnership Fuels Adoption HopesWhat’s Next for SUI?
Trending news
MoreCrypto prices
More
