North Korean Hackers Target Apple

North Korean Hackers Hit Apple and Crypto Exchanges with macOS Malware



Cybersecurity Alert: macOS Malware “KandyKorn” in Circulation

North Korean hacking entities, believed to be associated with the well-known Lazarus Group, have been actively targeting cryptocurrency exchanges, deploying a new strain of macOS malware known as KandyKorn. The attackers have been reported to impersonate blockchain engineers on popular platforms like Discord to lure their victims.

Ingenious Social Engineering Tactics

Elastic Security Labs, a cybersecurity research firm, has uncovered that these cybercriminals use advanced social engineering tactics. They trick unsuspecting victims into downloading a ZIP file containing the malware, disguised as a cryptocurrency arbitrage bot, a tool designed to take advantage of price differences between exchanges.

The Trigger for KandyKorn

The initial infection starts with the victim downloading a Python file, which subsequently downloads and executes This script is the gateway to the infection chain known as REF7001, leading to the execution of the KandyKorn malware.

Capabilities of the KandyKorn RAT

KandyKorn operates as a remote access trojan (RAT) and a backdoor. It boasts a variety of malicious capabilities, including data exfiltration, executing directory listings, secure file deletion, and managing file uploads and downloads.


Stealthy Communication Tactics

The Elastic researchers noted that KandyKorn stands out for its communication protocol with its command-and-control (C2) server. The malware awaits commands rather than continuously polling for them, which reduces its footprint and chances of being detected.

Ongoing Threat Activity Since April 2023

The malware campaign is believed to have commenced in April 2023 and remains active. The cybercriminals continue to refine their tools and techniques, with RC4 key encryption for KandyKorn C2 and Sugarloader being the latest developments.

Rising Concerns Over Cryptocurrency Exchange Security

This latest attack vector reiterates that macOS users are not immune to sophisticated malware campaigns, especially in the lucrative cryptocurrency sector. The Money Mongers, an independent think tank, has reported significant losses in the crypto industry due to such cyber attacks, with a staggering $12.36 billion lost since 2011.

A Yearly Snapshot of Crypto Hacks

According to their data, 297 crypto-related hacking incidents have occurred this year alone, translating to an industry loss of approximately $216,000 every hour. Chainalysis’s reports highlight 2022 as the most detrimental year for crypto businesses, with losses summing up to $3.8 billion due to hacks.

Record-Breaking Thefts by the Lazarus Group

Notably, the Lazarus Group, reputedly backed by the North Korean government, has been implicated in the theft of an extraordinary $1.7 billion in cryptocurrencies across various hacking operations, setting a new record for the group’s criminal activities.

Enhanced Security Measures: A Call to Action

The findings by The Money Mongers underscore an urgent call for fortified security measures within the cryptocurrency domain. As the threat landscape evolves, so too must the industry’s defense mechanisms to safeguard against these increasingly sophisticated cyber threats.
