KandayKorn Malware Made By North Korean Hackers Attack Blockchain Engineers

The malware attack that hit Unibot. (photo: dock. unibot)

JAKARTA - The new macOS malware found on Apple devices, linked to a North Korean hacker group called Lazarus, has reportedly targeted blockchain engineers from cryptocurrency exchange platforms.

MacOS malware "KandyKorn" is a backdoor capable of data taking, display of a directory, upload/download of files, safe removal, process termination, and command execution, according to analysis by Elastic Security Labs.

MacOS malware is capable of infecting and taking over users' computers. Initially, the attackers spread Python-based modules through Discord channels disguised themselves as community members.

This social engineering attack tricked community members to download a malicious ZIP archive called "Cross-platform Bridges.zip" - imitating an arbitration bot designed to generate automated profits. However, the file imports 13 malicious modules that work together to steal and manipulate information.

"We see threat actors adopting techniques that we have never seen before use them to achieve persistence in macOS, which is known as hacking of execution streams," said Elastic Security Labs.

The crypto sector remains currently the main target for the Lazarus group, which is primarily motivated by financial gains rather than espionage, which is also their main operational focus.

The existence of KandyKorn shows that macOS is also within the reach of Lazarus' target, displaying the group's ability of this threat in creating sophisticated and not striking malware tailored to Apple computers.

Most recently, the attack on the Unibot, a popular Telegram bot used to take trading positions on the Uniswap decentralized exchange, made the price of the token drop 40% in an hour.

Blockchain analytics firm Scopescan notified Unibot users of an ongoing hack attack, which was later confirmed by an official source.

"We are experiencing token approval exploitation from our new router and have tackled our router to address this issue," said Unibot.

Unibot is committed to replacing all users who lost their funds due to contract exploitation.