A surge of MacOS malware aimed at the crypto industry worries Mac users

The crypto space is currently a target for malicious intent as a new wave of cyber attacks has been noted, one being the Apple MacOS malware. As a social engineering attack strategy, the crypto community members have been the major victims since the malware is embedded in a zip file, imitating a bot designed to assist in automated trading and generating profits. 

It’s still evident that malicious attacks in the digital space are inevitable, and as such, exercising a degree of keenest in digital transactions is key to mitigating these challenges. The recent malware attack on the Apple MacOS is proof of a primary challenge that faces the world of crypto directly. 

The Apple MacOS malware

The Apple MacOS has been a gateway used by hackers in attaching the crypto community. The designed malware is, in fact, a malicious ZIP archive tagged “Cross-platform Bridge.zip,” and it reflects an automated crypto bot used to trade digital assets. 

The culprits of this new malware are linked to the Lazarus group, a notorious team of hackers from North Korea. Digging deeper into the matter, Elastic Security Labs informed on the detailed features the malware is capable of. 

According to the expert analysis firm, the MacOS malware is a hidden backdoor that’s capable of several features, including data retrieval, secure deletion, directory listing, process termination, file upload and download, as well as command execution. 

Discord was the initial channel used in spreading Python-based modules of the ZIP file as the exploiters impersonated community members. They tricked the crypto community into downloading the malicious ZIP archive. 

Moreover, the malware imports 13 malicious modules that blend together in combined efforts of stealing information and manipulating services. The Apple team commented in a report pertaining to the recent hacking discovery:

 We observed the threat actor adopting a technique we have not previously seen them use to achieve persistence on macOS, known as execution flow hacking.

Apple

 As a major target for the Lazurus group, the crypto community should be cautious in downloading or installing applications linked to their trading portfolios. The group is focused on financial gain, among other operations, and the existence of KandyKorn proves that macOS is also another target well within the group’s range. 

Lazarus threatens the crypto space through its remarkable skills of creating highly sophisticated malware that is also inconspicuous, specifically tailored for Apple computers and cryptocurrency traders. 

Malware exploitation in the crypto space

Another similar incident that occurred recently was the Unibot exploit. The famous Telegram bot was used to enter sniper trades on the Uniswap decentralized exchange. This was followed by a 40% crash in the token’s market price in under an hour. 

The Unibot exploiters transferred memecoins from Unibot users and exchanged them for Ethereum (ETH). According to Scopescan, a popular crypto analysis firm, the exploit size totaled $560K. 

The blockchain analysis firm also involved the Unibot users in the happenings of the attack in real-time, which was later confirmed through official sources. Unibot addressed this issue and commented on offering compensation for all affected users who had lost their funds because of the recent contract exploit. Unibot was quoted on X stating:

 We experienced a token approval exploit from our new router and have paused our router to contain the issue.

Unibot

Elastic Security Labs also added to a disclosing novel that seeks to victimize the blockchain developers of cryptocurrency exchange platforms.  The intrusion leveraged a pile of open-source and custom capabilities that granted post-exploitation and initial access. The security lab stated:

 We discovered this intrusion when analyzing attempts to load a binary into memory on a macOS endpoint reflectively. The intrusion was traced to a Python application posing as a cryptocurrency arbitrage bot delivered via a direct message on a public Discord server.

Elastic Security Labs

Stay up to date

on all important crypto news!

The most important news, once a week. No spam.