Get all your news in one place.

100’s of premium titles.
One app.

Get all your news in one place.

100’s of premium titles. One news app.

TechRadar

Sead Fadilpašić

This new macOS malware could leave you severely short-changed

Crypto Lazarus Group

Cyber, attack, hacked word on screen binary code display, hacker.

The North Korean hacking collective Lazarus Group is back at it again, targeting blockchain engineers with advanced data exfiltration and remote code execution-capable trojans.

A report from researchers Elastic Security observed a new attack that originated on Discord and targeted the cryptocurrency community. By deploying a simple social engineering strategy, the attackers try and convince the victim to download a file named “Cross-platform Bridges.zip”, thinking it’s an arbitrage bot.

Arbitrage bots are usually legitimate pieces of code that allow users to automate buying crypto on one exchange and selling it on another where the price is slightly different. The changes in the prices are minuscule, but with automation and a hefty sum to get going, some people claim the bots work well. Usually, the bots can be purchased for tens of thousands of dollars.

State-sponsored threat actors

But obviously, the victims wouldn’t be getting the bot. Instead, they’d get the KandyKorn malware, built for the macOS and capable of a number of things, including gathering system information, listing directory contents, downloading and running files on the victim’s endpoint, deleting files, killing processes, stealing files, and more.

The malware was built by the infamous Lazarus Group, the researchers allege, basing these claims on code and campaign overlaps with previous instances that were attributed to the North Koreans.

Lazarus is a known group, with strong ties with the North Korean government. Allegedly, it was behind some of the biggest crypto heists in history, including the attack on the Ronin bridge, which left the protocol some $600 million short. The stolen money is being used to fund the North Korean government and its nuclear program, western intelligence agencies claim.

This group is also well-known for running fake job schemes, tricking developers into downloading malware during the “hiring” process.

Via BleepingComputer

More from TechRadar Pro

Got a virus? Here is the best malware removal software
FBI - North Korean Lazarus hackers could be about to cash in millions of stolen Bitcoin
Read our list of the best firewall software

Sign up to read this article

Read news from 100’s of titles, curated specifically for you.

Already a member? Sign in here

Top stories on inkl right now

How did the strike on a Golan Heights soccer field happen? Here’s what we know

How did the strike on a Golan Heights soccer field happen? Here’s what we know

Two days after a rocket slammed into a soccer pitch in the Israel-controlled Golan Heights, killing 12 children, many questions remain about the attack on the Druze town of Majdal Shams

The Independent UK

EU states ‘not properly investigating’ reports of rights violations at borders

EU states ‘not properly investigating’ reports of rights violations at borders

Fundamental rights body warns of flawed approach to credible accounts of ill-treatment and loss of life

The Guardian - UK

Harris’s VP list: Gretchen Whitmer and Roy Cooper say they’re not in running

Harris’s VP list: Gretchen Whitmer and Roy Cooper say they’re not in running

Michigan and North Carolina governors out as remaining likely running mates are white men governing swing states

The Guardian - US

Opposition claims to have proof showing electoral win as protesters take down government symbols across Venezuela

Opposition claims to have proof showing electoral win as protesters take down government symbols across Venezuela

From tearing down posters of Maduro's presidential campaign to tumbling down statues of Chávez, protesters unloaded their frustration throughout the day

One subscription that gives you access to news from hundreds of sites

Already a member? Sign in here

Texas megachurch pastor quits over ‘inappropriate’ behavior

Texas megachurch pastor quits over ‘inappropriate’ behavior

Josiah Anthony steps down from role at Cross Timbers church in Fort Worth, as officials decline to give details

The Guardian - US

US will send $1.7 billion in military aid to Ukraine

US will send $1.7 billion in military aid to Ukraine

The U.S. has announced that it will send $1.7 billion in military aid to Ukraine, including an array of munitions for air defense systems, artillery, mortars and anti-tank and anti-ship missiles

The Independent UK

Related Stories

Top stories on inkl right now

How did the strike on a Golan Heights soccer field happen? Here’s what we know

How did the strike on a Golan Heights soccer field happen? Here’s what we know

Two days after a rocket slammed into a soccer pitch in the Israel-controlled Golan Heights, killing 12 children, many questions remain about the attack on the Druze town of Majdal Shams

The Independent UK

EU states ‘not properly investigating’ reports of rights violations at borders

EU states ‘not properly investigating’ reports of rights violations at borders

Fundamental rights body warns of flawed approach to credible accounts of ill-treatment and loss of life

The Guardian - UK

Harris’s VP list: Gretchen Whitmer and Roy Cooper say they’re not in running

Harris’s VP list: Gretchen Whitmer and Roy Cooper say they’re not in running

Michigan and North Carolina governors out as remaining likely running mates are white men governing swing states

The Guardian - US

Opposition claims to have proof showing electoral win as protesters take down government symbols across Venezuela

Opposition claims to have proof showing electoral win as protesters take down government symbols across Venezuela

From tearing down posters of Maduro's presidential campaign to tumbling down statues of Chávez, protesters unloaded their frustration throughout the day

One subscription that gives you access to news from hundreds of sites

Already a member? Sign in here

Texas megachurch pastor quits over ‘inappropriate’ behavior

Texas megachurch pastor quits over ‘inappropriate’ behavior

Josiah Anthony steps down from role at Cross Timbers church in Fort Worth, as officials decline to give details

The Guardian - US

US will send $1.7 billion in military aid to Ukraine

US will send $1.7 billion in military aid to Ukraine

The U.S. has announced that it will send $1.7 billion in military aid to Ukraine, including an array of munitions for air defense systems, artillery, mortars and anti-tank and anti-ship missiles

The Independent UK

Our Picks

Deadpool star Ryan Reynolds' trainer shares 5 exercises you need to build superhero arms

Celebrity trainer Don Saladino shares his favourite tricep exercises and there's not a push-down in sight...

Robert Downey Jr is official as Marvel’s Doctor Doom — everything you need to know

Marvel announced Robert Downey Jr. would return to the MCU — as the supervillain Doctor Doom. Here's why this blockbuster move will redefine the MCU forever.

Cape Cod Bracelets Were a Coastal Classic Long Before TikTok

As a third-generation Cape Codder, I have some thoughts on the Coastal Grandmother staple.

Dark matter could play 'matchmaker' for supermassive black holes

Dark matter could act as a cosmic matchmaker between dark matter and merging supermassive black holes, solving astronomy's "final parsec problem."

"I was too drunk." Guns N' Roses man Duff McKagan on the "first and only" time he met Prince

Duff has some serious regrets about meeting the iconic Prince, but it seems he actually made a solid impression

One of Marvel's First Stars Just Called Out the Biggest Problem with 'Avengers: Doomsday'

Robert Downey Jr. is now Iron Man AND Doctor Doom. How in the name of the MCU does this work? Here's why fans have a right to be confused.

Fourteen days free

Download the app

One app. One membership.
100+ trusted global sources.

Download on the AppStore

Get it on Google Play