Apple macOS malware targets the crypto community and engineers.
New malware found on Apple macOS, linked to the North Korean hacking group Lazarus, is said to be targeting blockchain engineers at cryptocurrency exchange platforms.
The macOS malware "KandyKorn" is a hidden backdoor capable of data extraction, directory listing, file upload/download, secure deletion, process termination and command execution, according to analysis by Elastic Security Labs.
The flowchart above explains the steps malware takes to infect and hijack users' computers. Initially, the attackers impersonated community members and distributed Python-based modules through Discord channels.
The social engineering attack tricks community members into downloading a malicious zip file called "Cross-platform Bridges.zip", presented as an arbitrage bot simulator designed to generate automated profits. The file imports 13 malicious modules that work together to steal and manipulate data. The report says:
We've seen the threat actor use a technique known as execution flow hijacking that we haven't seen used before to gain persistence on macOS.
The cryptocurrency sector remains a primary target for Lazarus, motivated primarily by financial gain rather than espionage, another of its main operational focuses.
The presence of KandyKorn underscores the fact that macOS is within Lazarus' target range, demonstrating the threat group's ability to create sophisticated and obfuscated malware tailored for Apple computers.
A recent exploit against Unibot, the popular Telegram bot used to execute trades on the decentralized exchange Uniswap, caused the token price to fall by 40% within an hour.
.@TeamUnibot seems to have been exploited, the exploiter transfers memecoins from #Unibot users and is now exchanging them for $ETH.
The current exploit rate is ~$560k.
Exploit URL: pic.twitter.com/MF85Fdk892
— Scopescan (@0xScopescan) October 31, 2023
Blockchain analytics firm Scopescan warned of ongoing hacking of Unibot users, which was later confirmed by an official Unibot statement:
“We encountered an exploit for token authorization from the new router and have disabled the router to contain the problem.”
Unibot is committed to compensating all users who have lost money due to the exploitation of the contract.