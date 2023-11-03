
Malware for Apple’s macOS targets blockchain engineers of crypto exchange platform: Report

A new malware on Apple’s macOS is being used by threat actors to target blockchain engineers of a cryptocurrency exchange platform

November 03, 2023 03:05 pm | Updated 03:05 pm IST

The Hindu Bureau
A new malware affecting Apple’s macOS was found targeting blockchain engineers of a cryptocurrency exchange platform. | Photo Credit: Reuters

A new malware affecting Apple’s macOS was found targeting blockchain engineers of a cryptocurrency exchange platform. The malware, dubbed “KandyKorn,” is being attributed to the North Korean Lazarus hacking group.

The attackers impersonate members of the cryptocurrency community on Discord channels to spread the Python-based modules that trigger a multi-stage KandyKorn infection chain, as reported by Bleeping Computer.

The campaign is aimed at accessing and stealing data from the infected computer and avoids detection by hijacking the real Discord app following a series of binary renaming actions.

Attackers approach members of the crypto community on Discord channels using social engineering attacks to trick them into downloading a malicious ZIP archive named “Cross-platform Bridges.zip.”

Victims are misled into believing that they are downloading a legitimate arbitrage bot designed for automated profit generation from crypto transactions. However, the Python script imports modules that unpack and execute scripts, which later establish a connection with the command-and-control server to obtain and load the final payload, KandyKorn, into the system memory, the report said.

In the final stage, a loader is used, which impersonates Discord and uses macOS binary code-signing techniques seen in past Lazarus campaigns.

The malware was first detected by Elastic Security and, based on overlaps with past campaigns, is being attributed to the Lazarus group.

The existence of the malware underscores that macOS is well within the group’s targeting range. The Lazarus group targets the cryptocurrency sector mainly for financial gain rather than for espionage, which is another area the group focuses on.
