Sunday, May 26, 2024

Apple MacOS malware targets crypto community and engineers

In a recent discovery, it has been revealed that a new malware called “KandyKorn” has been targeting the crypto community and engineers who use Apple’s macOS. This malware, believed to be associated with the North Korean hacking group Lazarus, is a stealthy backdoor that can retrieve data, list directories, upload and download files, delete securely, terminate processes, and execute commands. The attackers lure victims into downloading a malicious ZIP archive, disguised as an arbitrage bot, through social engineering tactics. Once installed, the malware imports 13 malicious modules to steal and manipulate sensitive information. This highlights the growing threat of cyberattacks targeting the cryptocurrency sector, and the need for heightened security measures to protect against such attacks.

Malware Targets Crypto Community and Engineers

Overview of Apple MacOS malware targeting crypto community and engineers

In recent news, a new malware has been discovered on Apple’s macOS, specifically targeting the crypto community and engineers. This malware, known as “KandyKorn,” is believed to be linked to the North Korean hacking group Lazarus. It poses a significant threat to the security and privacy of individuals involved in the cryptocurrency sector.

Background information on the malware

According to an analysis conducted by Elastic Security Labs, KandyKorn is a stealthy backdoor that possesses various capabilities. These include data retrieval, directory listing, file upload/download, secure deletion, process termination, and command execution. The malware is designed to go undetected and carry out malicious activities without the knowledge of the user.

Analysis of the malware capabilities

The analysis of KandyKorn reveals the extent of its capabilities and the potential damage it can cause. It is capable of infiltrating and compromising the security of users’ computers. With its ability to retrieve sensitive and confidential data, manipulate information, and execute commands, the malware poses a severe threat to the cryptocurrency community and engineers working in the field.

Infection and hijacking process of the malware

The infection and hijacking process of KandyKorn is a cause for concern. The hackers behind the malware have employed social engineering techniques to trick community members into downloading a malicious ZIP archive named “Cross-platform.” This archive impersonates an arbitrage bot used for automated profit generation. However, upon opening the file, unsuspecting users unknowingly import 13 malicious modules that work together to steal and manipulate information.

Interestingly, the report also notes that the attackers have adopted a new technique for achieving persistence on macOS known as execution flow hijacking. This highlights the sophistication and adaptability of the malware, as well as the ability of the hackers behind it to evolve their tactics.

Lazarus group’s targeting of the cryptocurrency sector

The Lazarus group has long been known for its involvement in cyberattacks targeting the cryptocurrency sector. While espionage has been one of their main operational focuses, Lazarus is primarily motivated by financial gain when targeting the cryptocurrency community. Their attacks often aim to steal funds or compromise the security of cryptocurrency exchanges and platforms.

Motivations behind Lazarus’ attacks

Financial gain remains the primary motivation behind Lazarus’ attacks on the cryptocurrency sector. The lucrative nature of the crypto industry and the potential for significant profits attract the attention of hackers, including Lazarus. By infiltrating and compromising the security of individuals and platforms within the crypto community, they can exploit vulnerabilities and carry out theft or other malicious activities.

Demonstration of Lazarus’ ability to target macOS

The discovery of KandyKorn on macOS reaffirms Lazarus’ capability to target Apple computers. This level of targeting demonstrates the group’s remarkable ability to craft sophisticated and inconspicuous malware tailored specifically for macOS. The fact that Lazarus has expanded its reach to Apple’s operating system indicates the need for heightened security measures for users within the cryptocurrency sector.

Recent exploit on Unibot highlights cryptocurrency security vulnerabilities

An incident involving the popular Telegram bot Unibot serves as a reminder of the security vulnerabilities within the cryptocurrency industry. The exploit on Unibot resulted in a significant crash in the token’s price, further highlighting the potential risks and consequences associated with cyberattacks on cryptocurrency platforms.

Details of the Unibot exploit

It was reported that the exploit on Unibot, which is commonly used for trading on the decentralized exchange Uniswap, led to a 40% drop in the token’s price within just one hour. The exploit involved the transfer of memecoins from Unibot users, which were then exchanged for Ethereum. The size of the exploit was estimated to be around $560,000.

Scopescan, a blockchain analytics firm, alerted users about the ongoing hack, and Unibot took immediate action to contain the issue. The platform committed to compensating users who lost funds due to the exploit, emphasizing the importance of platform security and user protection.

The emergence of KandyKorn on macOS and the exploit on Unibot serve as a stark reminder of the constant security threats facing the cryptocurrency community and engineers. It is crucial for individuals and platforms within the industry to remain vigilant, implement strong security measures, and stay informed about the latest malware and cyberattack techniques. By doing so, the crypto community can better protect themselves and their assets from potential threats.