TechRadar
Sead Fadilpašić

This new macOS malware could leave you severely short-changed

The North Korean hacking collective Lazarus Group is back at it again, targeting blockchain engineers with advanced data exfiltration and remote code execution-capable trojans.

A report from researchers at Elastic Security describes a new attack that originated on Discord and targeted the cryptocurrency community. Using a simple social engineering lure, the attackers try to convince the victim to download a file named “Cross-platform Bridges.zip”, which the victim believes to be an arbitrage bot.

Arbitrage bots are usually legitimate pieces of code that allow users to automate buying crypto on one exchange and selling it on another where the price is slightly different. The price differences are minuscule, but with automation and a hefty sum to get going, some people claim the bots work well. Usually, the bots can be purchased for tens of thousands of dollars.

State-sponsored threat actors

But obviously, the victims wouldn’t be getting the bot. Instead, they’d get the KandyKorn malware, built for macOS and capable of a number of things, including gathering system information, listing directory contents, downloading and running files on the victim’s endpoint, deleting files, killing processes, stealing files, and more.

The malware was built by the infamous Lazarus Group, the researchers allege, basing these claims on code and campaign overlaps with previous instances that were attributed to the North Koreans.

Lazarus is a known group with strong ties to the North Korean government. Allegedly, it was behind some of the biggest crypto heists in history, including the attack on the Ronin bridge, which left the protocol some $600 million short. The stolen money is being used to fund the North Korean government and its nuclear program, western intelligence agencies claim.

This group is also well-known for running fake job schemes, tricking developers into downloading malware during the “hiring” process.

Via BleepingComputer
