Apple MacOS Malware Targets Crypto Community and Engineers


courtesy of cointelegraph.com

New macOS Malware Linked to Lazarus Group

Newly discovered malware for Apple's macOS has targeted blockchain engineers of a cryptocurrency exchange platform. The malware, called "KandyKorn," is a stealthy backdoor with capabilities for data retrieval, file upload/download, process termination, and command execution. It has been tied to the North Korean hacking group Lazarus. The malware's ability to infect and hijack users' computers is explained in a flowchart provided by Elastic Security Labs.

Social Engineering Attacks and Malicious Modules

The attackers behind KandyKorn have been spreading Python-based modules through Discord channels, impersonating members of the community. These social engineering attacks trick community members into downloading a malicious ZIP archive named 'Cross-platform Bridges.zip,' which appears to be an arbitrage bot for automated profit generation. However, the file contains 13 malicious modules that work together to steal and manipulate information. The malware also utilizes a technique called execution flow hijacking to achieve persistence on macOS.

Lazarus Group and Financial Motivation

The Lazarus Group has a history of targeting the cryptocurrency sector, primarily driven by financial gain. While their main focus is not espionage, they have demonstrated their ability to create sophisticated and inconspicuous malware tailored for Apple computers. The discovery of KandyKorn highlights that macOS is well within the Lazarus Group's targeting range.

Exploit on Unibot Causes Price Crash

An exploit on Unibot, a popular Telegram bot used for trading on the decentralized exchange Uniswap, resulted in a 40% price crash for the token in just one hour. The blockchain analytics firm Scopescan alerted Unibot users about the ongoing hack, which was later confirmed by an official source. Unibot has committed to compensating users who lost funds due to the contract exploit.

