North Korean Hackers Hit Apple and Crypto Exchanges with macOS Malware

North Korean Hackers Hit Apple and Crypto Exchanges with macOS Malware

Cybersecurity Alert: macOS Malware “KandyKorn” in Circulation

North Korean hacking entities, believed to be associated with the well-known Lazarus Group, have been actively targeting cryptocurrency exchanges, deploying a new strain of macOS malware known as KandyKorn. The attackers have been reported to impersonate blockchain engineers on popular platforms like Discord to lure their victims.

Ingenious Social Engineering Tactics

Elastic Security Labs, a cybersecurity research firm, has uncovered that these cybercriminals use advanced social engineering tactics. They trick unsuspecting victims into downloading a ZIP file containing the malware, disguised as a cryptocurrency arbitrage bot, a tool designed to take advantage of price differences between exchanges. The Trigger for KandyKorn

The initial infection starts with the victim downloading a Python file, which subsequently downloads and executes This script is the gateway to the infection chain known as REF7001, leading to the execution of the KandyKorn malware.

Capabilities of the KandyKorn RAT

KandyKorn operates as a remote access trojan (RAT) and a backdoor. It boasts a variety of malicious capabilities, including data exfiltration, executing directory listings, secure file deletion, and managing file uploads and downloads.

Stealthy Communication Tactics

The Elastic researchers noted that KandyKorn stands out for its communication protocol with its command-and-control (C2) server. The malware awaits commands rather than continuously polling for them, which reduces its footprint and chances of being detected.

Ongoing Threat Activity Since April 2023

The malware campaign is believed to have commenced in April 2023 and remains active. The cybercriminals continue to refine their tools and techniques, with RC4 key encryption for KandyKorn C2 and Sugarloader being the latest developments.

Rising Concerns Over Cryptocurrency Exchange Security

This latest attack vector reiterates that macOS users are not immune to sophisticated malware campaigns, especially in the lucrative cryptocurrency sector. The Money Mongers, an independent think tank, has reported significant losses in the crypto industry due to such cyber attacks, with a staggering $12.36 billion lost since 2011.

A Yearly Snapshot of Crypto Hacks

According to their data, 297 crypto-related hacking incidents have occurred this year alone, translating to an industry loss of approximately $216,000 every hour. Chainalysis’s reports highlight 2022 as the most detrimental year for crypto businesses, with losses summing up to $3.8 billion due to hacks.

Record-Breaking Thefts by the Lazarus Group

Notably, the Lazarus Group, reputedly backed by the North Korean government, has been implicated in the theft of an extraordinary $1.7 billion in cryptocurrencies across various hacking operations, setting a new record for the group’s criminal activities.

Enhanced Security Measures: A Call to Action

The findings by The Money Mongers underscore an urgent call for fortified security measures within the cryptocurrency domain. As the threat landscape evolves, so too must the industry’s defense mechanisms to safeguard against these increasingly sophisticated cyber threats.

For the Latest Crypto News follow the Coinography and Subscribe our YouTube channel or follow us on social media platforms like Twitter, Facebook, Instagram and LinkedIn.

About Maria Morgan

Maria Morgan is a full-time cryptocurrency journalist at Coinography. She is graduate in Political Science and Journalism from London, her writing is centered around cryptocurrency news, regulation and policy-making across the glob.

View all posts by Maria Morgan →

Leave a Reply

Your email address will not be published. Required fields are marked *