ぁ Ꭷbito- Posted January 1

Social engineering attacks trick community members into downloading a malicious ZIP file called 'Cross-platform Bridges.zip', which imitates an arbitrage bot designed for automatic profit generation.

New malware has been discovered in Apple's macOS, linked to the North Korean Lazarus Group, which has reportedly targeted blockchain engineers at a cryptocurrency exchange. The macOS malware "KandyKorn" is a stealthy backdoor capable of retrieving data, listing directories, uploading/downloading files, securely deleting, terminating processes, and executing commands, according to an analysis by Elastic Security Labs.

The flowchart above explains the steps malware takes to infect and take control of users' computers.

Initially, the attackers spread Python-based modules through Discord channels, posing as community members. Social engineering attacks trick community members into downloading a malicious ZIP file called "Cross-platform Bridges.zip," which pretends to be an arbitrage bot designed for automated profit generation. However, the file imports 13 malicious modules that work together to steal and manipulate information.

The report said: "We observed that the threat actor adopts a technique we have not seen from them before to achieve persistence on macOS, known as execution flow hijacking."

The cryptocurrency sector remains the main target for Lazarus, motivated primarily by financial gain rather than espionage, which is its other main operational focus. The existence of KandyKorn highlights that macOS is within the scope of Lazarus, showing the remarkable ability of this threat group to create sophisticated, undetectable malware tailored to Apple computers.

A recent exploit in Unibot, a popular Telegram bot used to carry out operations on the decentralized exchange Uniswap, caused the token price to fall 40% in one hour.

Blockchain analysis firm Scopescan alerted Unibot users about an ongoing hack, which was later confirmed by an official source: "We experienced a token approval exploit from our new router and have paused them to contain the issue." Unibot promised to compensate all users who lost funds due to the contract exploit.

Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information presented here should not be taken as financial advice or investment recommendation. All investments and commercial movements involve risks and it is the responsibility of each person to do their due research before making an investment decision.

https://es.cointelegraph.com/news/apple-mac-os-malware-targets-crypto-community-engineers