A New macOS Malware Targets Blockchain Engineers, Linked to Lazarus Group
A new macOS malware called “KandyKorn” has been discovered and is believed to be connected to the North Korean hacking group Lazarus. It specifically targets blockchain engineers of a cryptocurrency exchange platform. According to Elastic Security Labs, KandyKorn is a stealthy backdoor capable of data retrieval, directory listing, file upload/download, secure deletion, process termination, and command execution.
How KandyKorn Infects and Hijacks Computers
The malware infects users’ computers through a series of steps. The attackers distribute Python-based modules via Discord channels, posing as community members. They use social engineering tactics to trick community members into downloading a malicious ZIP archive named “Cross-platform Bridges.zip,” which appears to be an arbitrage bot for automated profit generation. However, the file contains 13 malicious modules that work together to steal and manipulate information. This technique, known as execution flow hijacking, is a new approach observed in Lazarus’ operations.
Lazarus Group’s Targeting of the Cryptocurrency Sector
Lazarus primarily targets the cryptocurrency sector for financial gain rather than espionage. The existence of KandyKorn demonstrates that macOS is within their targeting range, highlighting their ability to create sophisticated and inconspicuous malware specifically tailored for Apple computers.
Exploit on Unibot Causes 40% Price Crash
An exploit on Unibot, a popular Telegram bot used for trading on the decentralized exchange Uniswap, resulted in a 40% price crash for the token within one hour. Blockchain analytics firm Scopescan alerted Unibot users about the ongoing hack, which was later confirmed by an official source. Unibot has paused its router to contain the issue and has committed to compensating all users who lost funds due to the contract exploit.
Hot Take: Cybersecurity Threats Persist in the Crypto Space
The discovery of KandyKorn and the exploit on Unibot serve as reminders that cybersecurity threats continue to persist in the cryptocurrency space. It is crucial for blockchain engineers, cryptocurrency exchange platforms, and users to remain vigilant and adopt robust security measures to protect against such attacks. As the industry grows, so does the sophistication of malicious actors seeking financial gain through cybercrimes.