Security News > 2023 > November > New macOS 'KandyKorn' malware targets cryptocurrency engineers
A new macOS malware dubbed 'KandyKorn' has been spotted in a campaign attributed to the North Korean Lazarus hacking group, targeting blockchain engineers of a cryptocurrency exchange platform.
At the final stage of the attack, a loader known as HLoader is used, which impersonates Discord and uses macOS binary code-signing techniques seen in past Lazarus campaigns.
KandyKorn is an advanced final-stage payload that enables Lazarus to access and steal data from the infected computer.
The existence of KandyKorn underscores that macOS is well within Lazarus' targeting range, showcasing the threat group's remarkable ability to craft sophisticated and inconspicuous malware tailored for Apple computers.
Lazarus hackers breached dev repeatedly to deploy SIGNBT malware.
Lazarus hackers breach aerospace firm with new LightlessCan malware.
News URL
Related news
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)
- New RustyAttr Malware Targets macOS Through Extended Attribute Abuse (source)
- Windows, macOS users targeted with crypto-and-info-stealing malware (source)