A new piece of malware found on Apple's macOS is reportedly linked to the North Korean hacking group Lazarus and targets blockchain engineers at cryptocurrency trading platforms.
The macOS malware, dubbed "KandyKorn", is a stealthy backdoor capable of data retrieval, directory listing, file upload and download, secure deletion, process termination and command execution, according to analysis by Elastic Security Labs.
The flowchart above lays out the steps the malware takes to infect and take control of a victim's computer. Initially, the attackers distributed Python-based modules through Discord channels while impersonating members of the community.
The social-engineering lure tricked community members into downloading a malicious ZIP archive named "Cross-Platform Bridges.zip", passed off as an arbitrage bot that automatically generates profits. In reality, the archive imported 13 malicious modules that worked together to steal and manipulate information. The report reads:
“We observed threat actors employing a technique we have not seen before to achieve persistence on macOS, namely execution flow hijacking.”
The cryptocurrency industry remains a primary target of Lazarus, whose main motivation is financial gain rather than espionage, the other main focus of its operations.
The existence of KandyKorn shows that macOS is well within Lazarus's target range, demonstrating the group's ability to tailor sophisticated and unobtrusive malware to Apple computers.
A recent vulnerability in Unibot, a popular Telegram bot used to snipe transactions on the decentralized exchange Uniswap, caused the price of its token to plummet 40% within an hour.
.@TeamUnibot It seems that it is being exploited; the exploiters are starting with #unibot users and are exchanging them for $ETH now.
The current exploit size is approximately $560,000
Exploiter address: pic.twitter.com/MF85Fdk892
— Scopescan (.) (@0xScopescan) October 31, 2023
Blockchain analytics firm Scopescan issued an alert to Unibot users about the ongoing hack, which official sources later confirmed:
“We have experienced a token approval vulnerability with our new routers and have suspended our routers to contain the issue.”
Unibot has promised to compensate all users who suffered financial losses due to the contract loophole.
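Unibot has not published the affected router code, so the following is an added, generic illustration of the vulnerability class its statement names (a "token approval vulnerability" in a router), not Unibot's contract and not the actual exploit. The contract names, the `swapFrom`/`execute` functions and the `pool` address are hypothetical. It shows the two ways a router commonly lets a third party spend tokens that users approved to it, alongside a hardened version.

```solidity
// SPDX-License-Identifier: MIT
// Added example: hypothetical router contracts, not Unibot's code.
pragma solidity ^0.8.20;

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Vulnerable pattern 1: `from` is caller-controlled and never checked against
// msg.sender. Anyone can drain any wallet that has approved this router.
contract VulnerableRouterA {
    function swapFrom(address token, address from, address to, uint256 amount) external {
        // BUG: should pull only from msg.sender (or from an address that authorised msg.sender)
        IERC20(token).transferFrom(from, to, amount);
    }
}

// Vulnerable pattern 2: an arbitrary external call made *by the router*.
// An attacker passes `target = token`, `data = transferFrom(victim, attacker, amount)`;
// the token contract sees msg.sender == router, which the victim has approved.
contract VulnerableRouterB {
    function execute(address target, bytes calldata data) external {
        // BUG: unrestricted target/calldata executed with the router's identity
        (bool ok, ) = target.call(data);
        require(ok, "call failed");
    }
}

// Hardened version: tokens are only ever pulled from msg.sender, the destination
// is fixed to the pool, and no arbitrary-call primitive is exposed.
contract HardenedRouter {
    address public immutable pool;

    constructor(address _pool) {
        require(_pool != address(0), "pool required");
        pool = _pool;
    }

    function swap(address token, uint256 amount) external {
        require(IERC20(token).transferFrom(msg.sender, pool, amount), "transferFrom failed");
        // ... swap logic against `pool` would follow here ...
    }
}
```

The practical check on the user side is the same for both patterns: approvals granted to a router address survive a router upgrade only if the new contract is the same address, but an unlimited approval to any router is spendable by whoever the router lets spend it. Approving only the amount needed for a transaction, and revoking approvals to a router once it is suspended, limits the blast radius of this class of bug.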