New malware discovered on Apple’s macOS – linked to North Korean hacking group Lazarus – reportedly targeted blockchain engineers at a cryptocurrency exchange.
The macOS malware “KandyKorn” is a stealthy backdoor capable of scraping data, listing directories, downloading/uploading files, securely deleting files, terminating processes, and executing commands, according to an analysis by Elastic Security Labs.
The flowchart above explains the steps the malware takes to infect and hijack users’ computers. Initially, attackers distributed Python-based modules through Discord channels pretending to be community members.
Social engineering attacks trick community members into downloading a malicious ZIP archive named “Cross-platform Bridges.zip” – imitating an arbitrage bot designed for automated profit generation. However, the file imports 13 malicious modules that work together to steal and manipulate information. The report said:
“We observed the threat actor adopt a technique we have never seen them use before to achieve persistence on macOS, known as execution flow hijacking.”
The cryptocurrency sector remains a primary target for Lazarus, primarily motivated by financial gain rather than espionage, their other main operational objective.
The existence of KandyKorn highlights that macOS is well within Lazarus’ targeting zone, demonstrating the threat group’s remarkable ability to create sophisticated, stealthy malware tailored to Apple computers.
A recent exploit on Unibot, a popular Telegram bot used to snipe transactions on decentralized exchange Uniswap, caused the token’s price to drop by 40% in an hour.
“Current exploit size is around $560,000. Address of the exploiter: https://t.co/ysyTmgUAit”
— Scopescan (@0xScopescan), October 31, 2023
Blockchain analytics company Scopescan alerted Unibot users of a hack in progress, which was later confirmed by an official source:
“We encountered a token trust exploit from our new router and have paused our router to contain the issue.”
Unibot has pledged to compensate all users who lost funds due to the contract exploit.