
North Korean Hackers Unveil New Malware on macOS; Cryptocurrency Sector Faces Rising Threats

Algoine News
Summary:
The North Korean hacking group Lazarus has released a stealthy malware named "KandyKorn" on Apple's macOS, targeting blockchain engineers of a cryptocurrency exchange platform. The malware, capable of comprehensive data manipulation, is spread through Python-based modules on Discord channels. Cybersecurity experts highlighted the growing threat to macOS users, evident in the development of sophisticated malware specifically designed for Apple systems. Additionally, a recent exploit that drained $2.1M in loot on Tornado Cash and an incident with a popular Telegram bot, Unibot, further underscore the increasing cybersecurity threats in the crypto sector.
The North Korean hacking group Lazarus has unveiled a new malware on Apple's macOS targeting blockchain engineers of a cryptocurrency exchange platform. Named "KandyKorn," the malware serves as a backdoor that allows data extraction, file upload/download, secure deletion of files, termination of processes, and command execution. Specialists at Elastic Security Labs conducted the analysis and illustrated the malware's operation flow in a diagram.

The attackers initially distribute the Python-based modules through Discord channels, disguising themselves as community members. They lure community members into downloading a misleading ZIP file titled 'Cross-platform Bridges.zip', which poses as an automated arbitrage bot built to maximize profit. In reality, the file consists of 13 malicious modules that work together to steal and manipulate information. The analysis report stated, "The threat actor deployed an unfamiliar but effective technique for persistent breakthrough in macOS, termed as execution flow hijacking."

Lazarus continues to consider the cryptocurrency sector a prime target, with its primary motivation being financial gain rather than espionage, which remains another significant concern. KandyKorn's existence shows that Lazarus has macOS firmly in its crosshairs and demonstrates the group's ability to develop sophisticated and discreet malware specifically designed for Apple computers.

In a recent incident, an exploiter began draining $2.1M in loot using the Onyx Protocol on Tornado Cash. A popular Telegram bot, Unibot, used to identify trade opportunities on the decentralized exchange Uniswap, fell victim to an exploit that tanked the token's price by 40% within an hour. Unibot users were warned about the exploit by Scopescan, a blockchain analytics firm. The hack was eventually confirmed by an official source: "We discovered a token approval exploit in our new router and have stopped the service temporarily to address the issue." Unibot vowed to reimburse all users who suffered losses due to the contract exploit.

Published At

11/3/2023 11:38:52 AM

Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.
