North Korean Hackers Target MacOS Blockchain Engineers
Cybercriminals are distributing a Python app disguised as a crypto arbitrage bot to unsuspecting victims on a public Discord server.
The Lazarus Group, a notorious North Korean hacking group, has recently shifted its focus to macOS blockchain engineers on Discord.
According to Elastic Security Labs, the hackers are using a new type of malware, called Kandykorn, that is distributed via direct messages on Discord servers.
The cybersecurity firm attributes the attack to North Korea based on the specific techniques, network infrastructure, and code-signing certificates used in the attack, along with custom Lazarus Group detection rules.
In this regard, Elastic Security Labs said: “The DPRK, via units like the LAZARUS GROUP, continues to target crypto-industry businesses to steal cryptocurrency to circumvent international sanctions that hinder the growth of their economy and ambitions.”
According to reports, the attackers attempt to trick victims into downloading and decompressing a ZIP archive that contains malware disguised as an arbitrage bot.
Once installed on the victim’s device, this malware possesses a full set of capabilities to access and extract data from the victim’s computer, as confirmed by Elastic Security Labs.
The group of hackers has been using this scheme since at least April 2023, and the threat is still active. Tools and techniques are continuously being developed to further this fraudulent activity.
The Lazarus Group is proving to be relentless in its efforts and continues to develop new tricks to achieve its malicious goals. In early September, it was confirmed that the North Korea-backed hacker group was responsible for the attack on crypto casino Stake. Stake suffered a severe attack on Sep. 4 that caused a loss of more than $40 million in cryptocurrency.