ぁ Ꭷbito- Posted December 10, 2023

Social engineering attacks trick community members into downloading a malicious ZIP file called 'Cross-platform Bridges.zip', which mimics an arbitrage bot designed for automatic profit generation.

New malware has been discovered in Apple's macOS, linked to the North Korean collective Lazarus Group, which has reportedly targeted blockchain engineers at a cryptocurrency exchange.

The macOS malware "KandyKorn" is a stealthy backdoor capable of retrieving data, listing directories, uploading/downloading files, securely deleting, terminating processes, and executing commands, according to an analysis by Elastic Security Labs.

The flowchart above explains the steps malware takes to infect and take control of users' computers. Initially, the attackers spread Python-based modules through Discord channels, posing as community members.

Social engineering attacks trick community members into downloading a malicious ZIP file called “Cross-platform Bridges.zip,” which pretends to be an arbitrage bot designed for automated profit generation. However, the file imports 13 malicious modules that work together to steal and manipulate information.

The report said: "We observed that the threat actor adopts a technique we have not seen from them before to achieve persistence on macOS, known as execution flow hijacking."

The cryptocurrency sector remains the primary target for Lazarus, motivated primarily by financial gain rather than espionage, which is its other primary operational focus.

The existence of KandyKorn highlights that macOS is within the scope of Lazarus, showing the remarkable ability of this threat group to create sophisticated, undetectable malware tailored to Apple computers.

A recent exploit in Unibot, a popular Telegram bot used to carry out operations on the decentralized exchange Uniswap, caused the token price to drop 40% in one hour.
https://es.cointelegraph.com/news/apple-mac-os-malware-targets-crypto-community-engineers