Malware for Apple’s macOS targets blockchain engineers of crypto exchange platform: Report

November 03, 2023 03:05 pm | Updated 03:05 pm IST

A new malware on Apple’s macOS is being used by threat actors to target blockchain engineers of a cryptocurrency exchange platform

The Hindu Bureau

A new malware affecting Apple’s macOS was found targeting blockchain engineers of a cryptocurrency exchange platform. | Photo Credit: Reuters

A new malware affecting Apple’s macOS was found targeting blockchain engineers of a cryptocurrency exchange platform. The malware, dubbed “KandyKorn,” is being attributed to the North Korean Lazarus hacking group.

The attackers impersonate members of the cryptocurrency community on Discord channels to spread the Python-based modules that trigger a multi-stage KandyKorn infection chain, as reported by Bleeping Computer.

The campaign is aimed at accessing and stealing data from the infected computer, and it evades detection by hijacking the real Discord app after a series of binary renaming steps.

Attackers approach members of the crypto community on Discord channels using social engineering attacks to trick them into downloading a malicious ZIP archive named “Cross-platform Bridges.zip.”


Victims are misled into believing that they are downloading a legitimate arbitrage bot designed to generate profit automatically from crypto transactions. Instead, the Python script imports modules that unpack and execute further scripts; these then connect to a command-and-control server to fetch the final payload, KandyKorn, and load it directly into system memory, the report said.

In the final stage, a loader that impersonates Discord is used; it relies on macOS binary code-signing techniques seen in past Lazarus campaigns.
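A defender reading the two passages above (the Discord app hijack through binary renaming, and a loader posing as Discord) would want a quick way to check an installed bundle for that shape of tampering. The script below is an added example written for this page; it is not code from the article, from Elastic's report, or from the malware. Its heuristic is an assumption: a .app bundle's Contents/MacOS directory should hold exactly the executable named by CFBundleExecutable in Info.plist, so a hidden file there or a second Mach-O binary is worth a look. The bundle layout and file names it builds are constructed test data, not a real Discord.app.

```python
import os
import pathlib
import plistlib
import tempfile

# Magic numbers that open a Mach-O image: 32/64-bit in both byte orders,
# plus the universal ("fat") header.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",   # MH_MAGIC / MH_CIGAM
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",   # MH_MAGIC_64 / MH_CIGAM_64
    b"\xca\xfe\xba\xbe",                        # FAT_MAGIC
}


def is_macho(path):
    """True if the file starts with a Mach-O or fat-binary magic number."""
    with open(path, "rb") as f:
        return f.read(4) in MACHO_MAGICS


def audit_bundle(app_dir):
    """Return a list of findings for one .app bundle.

    Heuristic (an assumption of this example, not a rule from the article):
    Contents/MacOS should contain the executable named by CFBundleExecutable
    in Info.plist and nothing else. A hidden file there, or a second Mach-O
    binary, is what a renamed original plus a stand-in loader would look like.
    """
    app = pathlib.Path(app_dir)
    with open(app / "Contents" / "Info.plist", "rb") as f:
        expected = plistlib.load(f)["CFBundleExecutable"]
    macos_dir = app / "Contents" / "MacOS"

    findings = []
    if not (macos_dir / expected).is_file():
        findings.append(f"declared executable {expected!r} is missing")
    for entry in sorted(macos_dir.iterdir()):
        if entry.name == expected:
            continue
        if entry.name.startswith("."):
            findings.append(f"hidden file in MacOS dir: {entry.name}")
        elif entry.is_file() and is_macho(entry):
            findings.append(f"extra Mach-O binary: {entry.name}")
    return findings


def build_bundle(root, extra_files=()):
    """Construct a minimal stand-in for Discord.app (constructed test data,
    not a real bundle). Every file is a stub carrying only the MH_CIGAM_64 magic."""
    macos_dir = pathlib.Path(root) / "Discord.app" / "Contents" / "MacOS"
    macos_dir.mkdir(parents=True)
    with open(macos_dir.parent / "Info.plist", "wb") as f:
        plistlib.dump({"CFBundleExecutable": "Discord"}, f)
    stub = b"\xcf\xfa\xed\xfe" + b"\x00" * 28
    (macos_dir / "Discord").write_bytes(stub)
    for name in extra_files:
        (macos_dir / name).write_bytes(stub)
    return macos_dir.parent.parent


def demo():
    """Audit a clean bundle and a tampered one; return both finding lists."""
    with tempfile.TemporaryDirectory() as tmp:
        clean = build_bundle(os.path.join(tmp, "clean"))
        # Tampered layout (constructed): the original binary renamed to a hidden
        # file, a stand-in occupying the "Discord" name, and one more dropped binary.
        tampered = build_bundle(os.path.join(tmp, "tampered"),
                                extra_files=[".original", "helper"])
        return audit_bundle(clean), audit_bundle(tampered)


if __name__ == "__main__":
    clean_findings, tampered_findings = demo()
    print("clean:", clean_findings)
    print("tampered:", tampered_findings)
```

On a real Mac the same walk over /Applications/Discord.app would be paired with a `codesign --verify` of the bundle, since the article notes the loader borrows code-signing tricks; this example stays offline and only inspects layout.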

The malware was first detected by Elastic Security and, based on overlaps with past campaigns, is being attributed to the Lazarus group.

The existence of the malware underscores that macOS is well within the group's targeting range. Lazarus targets the cryptocurrency sector chiefly for financial gain, alongside its espionage operations.

