macOS malware specifically targets the crypto community and engineers.

A new malware called “KandyKorn” has been discovered on Apple’s macOS, and it is believed to be linked to the North Korean hacking group Lazarus. This malware specifically targets blockchain engineers of a cryptocurrency exchange platform, according to Elastic Security Labs. KandyKorn is a stealthy backdoor that can perform various malicious functions such as data retrieval, file upload/download, and command execution.

An analysis by Elastic Security Labs reveals the execution flow of the malware, showing how it infects and hijacks users’ computers. The attackers initially spread Python-based modules through Discord channels, pretending to be community members. They used social engineering techniques to trick users into downloading a malicious ZIP archive named “Cross-platform Bridges.zip,” which impersonates an arbitrage bot designed for profit generation. However, the archive contains 13 malicious modules that work together to steal and manipulate information. The report highlights the use of a technique called execution flow hijacking, which is a new method employed by the threat actor.

Lazarus focuses primarily on the cryptocurrency sector and is driven by financial gain rather than espionage. The existence of KandyKorn demonstrates that macOS is well within the group’s targeting range, and it showcases the group’s ability to create sophisticated and inconspicuous malware specifically tailored for Apple computers.

In another incident related to the cryptocurrency space, a popular Telegram bot called Unibot, used for sniping trades on the decentralized exchange Uniswap, experienced an exploit. The exploit caused the token’s price to crash by 40% within an hour. Scopescan, a blockchain analytics firm, alerted Unibot users about the ongoing hack, which was later confirmed by an official source. Unibot acknowledged the token approval exploit from their new router and paused its operation to contain the issue. The company has committed to compensating all users who lost funds as a result of the contract exploit.

These incidents highlight the ongoing threats faced by the cryptocurrency industry. Hackers and threat actors are continually finding new ways to target platforms and users, emphasizing the importance of robust security measures. As the popularity and value of cryptocurrencies continue to rise, it is crucial for exchanges and individuals to remain vigilant and adopt best practices to protect their assets.

Overall, the discovery of the KandyKorn malware and the exploit on Unibot serve as reminders of the constant challenges and risks associated with the cryptocurrency ecosystem. It is essential for both industry professionals and users to stay informed and take necessary precautions to safeguard their investments and information from malicious actors.
