A new macOS malware, known as KandyKorn and linked to the notorious Lazarus Group, has recently been identified. The malware was discovered by Elastic Security Labs.
According to an official report published by the blockchain security firm, KandyKorn relies on social engineering tactics, deceiving victims into installing a malicious ZIP file named “Cross-platform Bridges.zip.”
On the outside, this ZIP file appears to be an arbitrage artificial intelligence (AI) bot designed to assist users in generating yield automatically.
Meanwhile, on the inside, the malicious file downloads 13 Python-based modules that collaborate to retrieve user data and information illicitly.
Providing context on how effective this malware is, Elastic Security Labs noted that it operates clandestinely, and users are often unaware of what is unfolding behind the scenes.
This malware then accesses an affected computer’s directory listing, uploads and downloads files automatically, deletes files, terminates processes, and executes commands.
To achieve this, the malware is shared on Discord channels by the hackers, who present themselves as community moderators. This fosters trust, leading users to download the malicious ZIP file, which subsequently infects and takes control of their laptops.
The DPRK was so excited about Halloween, they got a head start on passing out candy. Check out REF7001, AKA KANDYKORN – a malware distributed in cryptocurrency servers on Discord: https://t.co/ZJ1r92Yhvf #malware #threatdiscovery #cryptocurrency #discord #ElasticSecurityLabs
— Elastic Security Labs (@elasticseclabs) October 31, 2023
Expressing concern about the potential impact of the KandyKorn malware on Mac and iOS devices, the Elastic Security Labs team stated
Read more on cryptonews.com