Malware targeting the crypto community and engineers has been discovered on Apple's macOS
ChainiCatcher news: according to Cointelegraph, a new type of malware called "KandyKorn", linked to the North Korean hacker group Lazarus, has been discovered on Apple's macOS, targeting the crypto community and engineers.
According to analysis by Elastic Security Labs, "KandyKorn" is a stealthy backdoor capable of data retrieval, directory listing, file upload/download, secure deletion, process termination, and command execution.
Initially, the attackers impersonated community members in Discord channels to spread a Python-based module. Through social engineering, they lured community members into downloading a malicious ZIP archive named "Cross-platform Bridges.zip," which posed as an arbitrage bot designed to generate profit automatically. However, the file imported 13 malicious modules that worked together to steal and manipulate information.