A new malware strain found on Apple’s macOS, tied to the North Korean hacking group Lazarus, has reportedly targeted blockchain engineers of a cryptocurrency exchange platform.
The macOS malware “KandyKorn” is a stealthy backdoor capable of data retrieval, directory listing, file upload/download, secure deletion, process termination and command execution, according to an analysis by Elastic Security Labs.
The above flowchart explains the steps taken by the malware to infect and hijack users’ computers. Initially, the attackers spread Python-based modules through Discord channels by impersonating community members.
The social engineering attacks trick community members into downloading a malicious ZIP archive named “Cross-platform Bridges.zip”, which imitates an arbitrage bot designed for automated profit generation. However, the file imports 13 malicious modules that work together to steal and manipulate data. The report read:
“We observed the threat actor adopting a technique we have not previously seen them use to achieve persistence on macOS, known as execution flow hijacking.”
The cryptocurrency sector remains a primary target for Lazarus, which is motivated primarily by financial gain rather than espionage, its other main operational focus.
The existence of KandyKorn underscores that macOS is well within Lazarus’ targeting range, showcasing the threat group’s remarkable ability to craft sophisticated and inconspicuous malware tailored for Apple computers.
A recent exploit on Unibot, a popular Telegram bot used to snipe trades on the decentralized exchange Uniswap, crashed the token’s price by 40% in a single hour.
.@TeamUnibot appears exploited, the exploiter transfers memecoins from #unibot customers and is exchanging them for the $ETH right now.
The present exploit size is ~$560K
Exploiter address: https://t.co/ysyTmgUAit pic.twitter.com/MF85Fdk892
— Scopescan ( . ) (@0xScopescan) October 31, 2023
Blockchain analytics firm Scopescan alerted Unibot users about an ongoing hack, which was later confirmed by an official source:
“We experienced a token approval exploit from our new router and have paused our router to contain the issue.”
Unibot committed to compensating all users who lost funds due to the contract exploit.