Security News > 2023 > November > New macOS 'KandyKorn' malware targets cryptocurrency engineers
A new macOS malware dubbed 'KandyKorn' has been spotted in a campaign attributed to the North Korean Lazarus hacking group, targeting blockchain engineers of a cryptocurrency exchange platform.
At the final stage of the attack, a loader known as HLoader is used, which impersonates Discord and uses macOS binary code-signing techniques seen in past Lazarus campaigns.
KandyKorn is an advanced final-stage payload that enables Lazarus to access and steal data from the infected computer.
The existence of KandyKorn underscores that macOS is well within Lazarus' targeting range, showcasing the threat group's remarkable ability to craft sophisticated and inconspicuous malware tailored for Apple computers.
Lazarus hackers breached dev repeatedly to deploy SIGNBT malware.
Lazarus hackers breach aerospace firm with new LightlessCan malware.
News URL
Related news
- North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS (source)
- XCSSET macOS malware returns with first new version since 2022 (source)
- Microsoft spots XCSSET macOS malware variant used for crypto theft (source)
- Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics (source)
- The XCSSET info-stealing malware is back, targeting macOS users and devs (source)
- New FrigidStealer Malware Targets macOS Users via Fake Browser Updates (source)