Lazarus Hacking Group Using KandyKorn macOS Malware In Their Recent Campaign

A recently identified macOS malware called 'KandyKorn' has emerged in a cyber campaign associated with the North Korean hacking group Lazarus. The campaign's primary targets are blockchain engineers working on a cryptocurrency exchange platform. To execute the attack, the hackers pose as members of the cryptocurrency community within Discord channels and distribute Python-based modules that initiate a multi-stage infection process involving KandyKorn. After a thorough investigation, Elastic Security linked these attacks to Lazarus by identifying similarities with the group's previous campaigns: the techniques used, network infrastructure, code-signing certificates, and custom detection rules developed for Lazarus.
