![](\"https:\/\/s3.cointelegraph.com\/uploads\/2023-11\/23df3c43-8397-4b62-bda0-f767d145fbdc.png\")
<\/p>\nA new malware discovered on Apple\u2019s macOS \u2014 tied to the North Korean hacking group Lazarus \u2014 has reportedly targeted blockchain engineers of a cryptocurrency exchange platform.<\/p>\n
The macOS malware \u201cKandyKorn\u201d is a stealthy backdoor capable of data retrieval, directory listing, file upload\/download, secure deletion, process termination and command execution, according to an analysis by Elastic Security Labs. <\/p>\n
<\/p>\n
The above flowchart explains the steps taken by the malware to infect and hijack users\u2019 computers. Initially, the attackers spread Python-based modules via Discord channels by impersonating community members. <\/p>\n
The social engineering attacks trick community members into downloading a malicious ZIP archive named \u201cCross-platform Bridges.zip\u201d \u2014 imitating an arbitrage bot designed for automated profit generation. However, the file imports 13 malicious modules that work together to steal and manipulate information. The report read:<\/p>\n
\u201cWe observed the threat actor adopting a technique we have not previously seen them use to achieve persistence on macOS, known as execution flow hijacking.\u201d<\/p><\/blockquote>\n
The cryptocurrency sector remains a primary target for Lazarus, primarily motivated by financial gain rather than espionage, their other main operational focus.<\/p>\n
The existence of KandyKorn underscores that macOS is well within Lazarus\u2019 targeting range, showcasing the threat group\u2019s remarkable ability to craft sophisticated and inconspicuous malware tailored for Apple computers.<\/p>\n