{"id":9210,"date":"2023-11-03T17:41:00","date_gmt":"2023-11-03T17:41:00","guid":{"rendered":"https:\/\/infundpros.com\/markets\/crypto\/macos-malware-kandykorn-targets-crypto-owners\/"},"modified":"2023-11-03T17:41:04","modified_gmt":"2023-11-03T17:41:04","slug":"macos-malware-kandykorn-targets-crypto-owners","status":"publish","type":"post","link":"https:\/\/infundpros.com\/?p=9210","title":{"rendered":"MacOS Malware KandyKorn Targets Crypto Owners"},"content":{"rendered":"<div>\n<figure id=\"attachment_127118\" aria-describedby=\"caption-attachment-127118\" style=\"width: 1200px\" class=\"wp-caption aligncenter\"><noscript><\/noscript><figcaption id=\"caption-attachment-127118\" class=\"wp-caption-text\">Source: Pexels<\/figcaption><\/figure>\n<p>A new MacOS malware, known as KandyKorn and linked to the notorious Lazarus Group, has recently been identified. The malware was discovered by Elastic Security Labs.<\/p>\n<p>According to an official report published by the blockchain security firm, KandyKorn relies on social engineering tactics, deceiving victims into installing a malicious ZIP file named \u201cCross-platform Bridges.zip.\u201d<\/p>\n<p>On the outside, this ZIP file appears to be an arbitrage artificial intelligence (AI) bot designed to assist users in generating yield automatically.<\/p>\n<p>Meanwhile, on the inside, the malicious file downloads 13 Python-based modules that collaborate to retrieve user data and information illicitly.<\/p>\n<p>Providing context on how efficient this virus is, Elastic Security Labs noted that it operates clandestinely, and users are often unaware of events unfolding behind the scenes.<\/p>\n<p>The malware can then list directories on an affected computer, upload and download files automatically, delete files, terminate processes, and execute commands.<\/p>\n<p>To achieve this, the malware is shared on Discord channels by hackers who present themselves as community moderators. 
This fosters trust, leading users to download the malicious ZIP file, which subsequently infects and takes control of their laptops.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">The DPRK was so excited about Halloween, they got a head start on passing out candy. Check out REF7001, AKA KANDYKORN \u2013 a malware distributed in cryptocurrency servers on Discord: https:\/\/t.co\/ZJ1r92Yhvf <a rel=\"nofollow\" href=\"https:\/\/twitter.com\/hashtag\/malware?src=hash&amp;ref_src=twsrc%5Etfw\">#malware<\/a> <a rel=\"nofollow\" href=\"https:\/\/twitter.com\/hashtag\/threatdiscovery?src=hash&amp;ref_src=twsrc%5Etfw\">#threatdiscovery<\/a> <a rel=\"nofollow\" href=\"https:\/\/twitter.com\/hashtag\/cryptocurrency?src=hash&amp;ref_src=twsrc%5Etfw\">#cryptocurrency<\/a> <a rel=\"nofollow\" href=\"https:\/\/twitter.com\/hashtag\/discord?src=hash&amp;ref_src=twsrc%5Etfw\">#discord<\/a> <a rel=\"nofollow\" href=\"https:\/\/twitter.com\/hashtag\/ElasticSecurityLabs?src=hash&amp;ref_src=twsrc%5Etfw\">#ElasticSecurityLabs<\/a><\/p>\n<p>\u2014 Elastic Security Labs (@elasticseclabs) <a rel=\"nofollow\" href=\"https:\/\/twitter.com\/elasticseclabs\/status\/1719400088517186015?ref_src=twsrc%5Etfw\">October 31, 2023<\/a><\/p>\n<\/blockquote>\n<p>Expressing concern about the potential impact of the KandyKorn malware on Mac and iOS devices, the Elastic Security Labs team stated that the technique it deploys is unusual.<\/p>\n<p>This technique allows the malware to persistently bombard the targeted device through a process called execution flow hijacking.<\/p>\n<p>KandyKorn is now a malware favored by the Lazarus Group, according to the report by Elastic Security Labs.<\/p>\n<p>The anonymous group of hackers linked with the Democratic People\u2019s Republic of North Korea (DPRK) has taken a strong interest in the crypto space in the last couple of years.<\/p>\n<p>So far, the Lazarus Group has stolen more than a billion 
dollars from the nascent industry and has relied on cryptocurrency mixing platforms to harvest their illicit gains.<\/p>\n<p>KandyKorn\u2019s growing presence further highlights the increasingly sophisticated tools these hacking groups now rely on to siphon investors\u2019 digital funds.<\/p>\n<p>However, KandyKorn has not been the only actor in a vast ecosystem of viruses. The popular Telegram bot, Unibot, was also exploited for upwards of $560,000 a few days earlier.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">.<a rel=\"nofollow\" href=\"https:\/\/twitter.com\/TeamUnibot?ref_src=twsrc%5Etfw\">@TeamUnibot<\/a>  seems exploited, the exploiter transfers memecoins from <a rel=\"nofollow\" href=\"https:\/\/twitter.com\/hashtag\/unibot?src=hash&amp;ref_src=twsrc%5Etfw\">#unibot<\/a> users and is exchanging them for the <a rel=\"nofollow\" href=\"https:\/\/twitter.com\/search?q=%24ETH&amp;src=ctag&amp;ref_src=twsrc%5Etfw\">$ETH<\/a> right now.<\/p>\n<p>The current exploit size is ~$560K<\/p>\n<p>Exploiter address: https:\/\/t.co\/ysyTmgUAit <a rel=\"nofollow\" href=\"https:\/\/t.co\/MF85Fdk892\">pic.twitter.com\/MF85Fdk892<\/a><\/p>\n<p>\u2014 Scopescan (\ud83e\udeac . \ud83e\udeac) (@0xScopescan) <a rel=\"nofollow\" href=\"https:\/\/twitter.com\/0xScopescan\/status\/1719222329224704307?ref_src=twsrc%5Etfw\">October 31, 2023<\/a><\/p>\n<\/blockquote>\n<p>According to a tweet by Scopescan on X (formerly Twitter), the exploiter traded regular meme coins from Unibot users for the Ether token.\n<\/p>\n<h2>State-Sponsored Hacking Terrorism<\/h2>\n<p>\nIn recent months, global attention has been firmly fixed on the cryptocurrency sector. 
The primary concern revolves around the ease with which certain groups can employ advanced tools to move funds illicitly with little detection.<\/p>\n<p>While various hacking groups operate in this landscape, the Lazarus Group has earned notoriety as one of the most prominent state-sponsored cyber threat groups within the crypto space.<\/p>\n<p>However, their activities extend beyond the crypto space, as they have recently turned their attention to software companies.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">At <a rel=\"nofollow\" href=\"https:\/\/twitter.com\/hashtag\/TheSAS2023?src=hash&amp;ref_src=twsrc%5Etfw\">#TheSAS2023<\/a>, our experts unveiled a sophisticated APT campaign by the <a rel=\"nofollow\" href=\"https:\/\/twitter.com\/hashtag\/Lazarus?src=hash&amp;ref_src=twsrc%5Etfw\">#Lazarus<\/a> group.<\/p>\n<p>This campaign targets organizations worldwide through legitimate software designed to encrypt web communications using digital certificates.<\/p>\n<p>Read our full report \u21d2 https:\/\/t.co\/zQ9okvUxyc <a rel=\"nofollow\" href=\"https:\/\/t.co\/QtxkZprj7b\">pic.twitter.com\/QtxkZprj7b<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a rel=\"nofollow\" href=\"https:\/\/twitter.com\/kaspersky\/status\/1717934477890998523?ref_src=twsrc%5Etfw\">October 27, 2023<\/a><\/p>\n<\/blockquote>\n<p>The Kaspersky team recently unveiled a series of cyber attacks by the Lazarus Group. 
According to a report, the cyber threat group created legitimate software designed to encrypt web communications using digital signatures from the computer networks of organizations.<\/p>\n<p>This enables them to retrieve data, break through firewalls, and upload or download required files and systems.<\/p>\n<\/p><\/div>\n<p>Read the full article <a href=\"https:\/\/cryptonews.com\/news\/macos-malware-kandykorn-targets-crypto-owners.htm\" target=\"_blank\" rel=\"noopener\">here<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Source: Pexels A new MacOS malware, known as KandyKorn and linked to the notorious Lazarus Group, has recently been identified. The malware&#8230;<\/p>\n","protected":false},"author":1,"featured_media":9211,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[28],"tags":[],"class_list":{"0":"post-9210","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-crypto"},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>MacOS Malware KandyKorn Targets Crypto Owners | inFundPros<\/title>\n<meta name=\"description\" content=\"Source: Pexels A new MacOS malware, known as KandyKorn and linked to the notorious Lazarus Group, has recently been identified. 
The malware was discovered\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/infundpros.com\/?p=9210\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"MacOS Malware KandyKorn Targets Crypto Owners | inFundPros\" \/>\n<meta property=\"og:description\" content=\"Source: Pexels A new MacOS malware, known as KandyKorn and linked to the notorious Lazarus Group, has recently been identified. The malware was discovered\" \/>\n<meta property=\"og:url\" content=\"https:\/\/infundpros.com\/?p=9210\" \/>\n<meta property=\"og:site_name\" content=\"inFundPros\" \/>\n<meta property=\"article:published_time\" content=\"2023-11-03T17:41:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-11-03T17:41:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/infundpros.com\/wp-content\/uploads\/2023\/11\/1699031642-macos.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"780\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Press Room\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Press Room\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/infundpros.com\/?p=9210#article\",\"isPartOf\":{\"@id\":\"https:\/\/infundpros.com\/?p=9210\"},\"author\":{\"name\":\"Press Room\",\"@id\":\"https:\/\/infundpros.com\/#\/schema\/person\/87f7e632b195ea95c91503d9281f5eff\"},\"headline\":\"MacOS Malware KandyKorn Targets Crypto Owners\",\"datePublished\":\"2023-11-03T17:41:00+00:00\",\"dateModified\":\"2023-11-03T17:41:04+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/infundpros.com\/?p=9210\"},\"wordCount\":685,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/infundpros.com\/#organization\"},\"articleSection\":[\"Crypto\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/infundpros.com\/?p=9210#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/infundpros.com\/?p=9210\",\"url\":\"https:\/\/infundpros.com\/?p=9210\",\"name\":\"MacOS Malware KandyKorn Targets Crypto Owners | inFundPros\",\"isPartOf\":{\"@id\":\"https:\/\/infundpros.com\/#website\"},\"datePublished\":\"2023-11-03T17:41:00+00:00\",\"dateModified\":\"2023-11-03T17:41:04+00:00\",\"description\":\"Source: Pexels A new MacOS malware, known as KandyKorn and linked to the notorious Lazarus Group, has recently been identified. 
The malware was discovered\",\"breadcrumb\":{\"@id\":\"https:\/\/infundpros.com\/?p=9210#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/infundpros.com\/?p=9210\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/infundpros.com\/?p=9210#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/infundpros.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"MacOS Malware KandyKorn Targets Crypto Owners\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/infundpros.com\/#website\",\"url\":\"https:\/\/infundpros.com\/\",\"name\":\"Fintech Advance\",\"description\":\"Latest Finance and Tech News and Updates\",\"publisher\":{\"@id\":\"https:\/\/infundpros.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/infundpros.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/infundpros.com\/#organization\",\"name\":\"Fintech Advance\",\"url\":\"https:\/\/infundpros.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/infundpros.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/infundpros.com\/wp-content\/uploads\/2023\/10\/tech-logo.png\",\"contentUrl\":\"https:\/\/infundpros.com\/wp-content\/uploads\/2023\/10\/tech-logo.png\",\"width\":409,\"height\":70,\"caption\":\"Fintech Advance\"},\"image\":{\"@id\":\"https:\/\/infundpros.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/infundpros.com\/#\/schema\/person\/87f7e632b195ea95c91503d9281f5eff\",\"name\":\"Press 
Room\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/infundpros.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/infundpros.com\/wp-content\/uploads\/2023\/10\/avatar_user_1_1697230663-96x96.png\",\"contentUrl\":\"https:\/\/infundpros.com\/wp-content\/uploads\/2023\/10\/avatar_user_1_1697230663-96x96.png\",\"caption\":\"Press Room\"},\"sameAs\":[\"https:\/\/infundpros.com\"],\"url\":\"https:\/\/infundpros.com\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"MacOS Malware KandyKorn Targets Crypto Owners | inFundPros","description":"Source: Pexels A new MacOS malware, known as KandyKorn and linked to the notorious Lazarus Group, has recently been identified. The malware was discovered","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/infundpros.com\/?p=9210","og_locale":"en_US","og_type":"article","og_title":"MacOS Malware KandyKorn Targets Crypto Owners | inFundPros","og_description":"Source: Pexels A new MacOS malware, known as KandyKorn and linked to the notorious Lazarus Group, has recently been identified. The malware was discovered","og_url":"https:\/\/infundpros.com\/?p=9210","og_site_name":"inFundPros","article_published_time":"2023-11-03T17:41:00+00:00","article_modified_time":"2023-11-03T17:41:04+00:00","og_image":[{"width":1200,"height":780,"url":"https:\/\/infundpros.com\/wp-content\/uploads\/2023\/11\/1699031642-macos.png","type":"image\/png"}],"author":"Press Room","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Press Room","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/infundpros.com\/?p=9210#article","isPartOf":{"@id":"https:\/\/infundpros.com\/?p=9210"},"author":{"name":"Press Room","@id":"https:\/\/infundpros.com\/#\/schema\/person\/87f7e632b195ea95c91503d9281f5eff"},"headline":"MacOS Malware KandyKorn Targets Crypto Owners","datePublished":"2023-11-03T17:41:00+00:00","dateModified":"2023-11-03T17:41:04+00:00","mainEntityOfPage":{"@id":"https:\/\/infundpros.com\/?p=9210"},"wordCount":685,"commentCount":0,"publisher":{"@id":"https:\/\/infundpros.com\/#organization"},"articleSection":["Crypto"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/infundpros.com\/?p=9210#respond"]}]},{"@type":"WebPage","@id":"https:\/\/infundpros.com\/?p=9210","url":"https:\/\/infundpros.com\/?p=9210","name":"MacOS Malware KandyKorn Targets Crypto Owners | inFundPros","isPartOf":{"@id":"https:\/\/infundpros.com\/#website"},"datePublished":"2023-11-03T17:41:00+00:00","dateModified":"2023-11-03T17:41:04+00:00","description":"Source: Pexels A new MacOS malware, known as KandyKorn and linked to the notorious Lazarus Group, has recently been identified. 
The malware was discovered","breadcrumb":{"@id":"https:\/\/infundpros.com\/?p=9210#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/infundpros.com\/?p=9210"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/infundpros.com\/?p=9210#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/infundpros.com\/"},{"@type":"ListItem","position":2,"name":"MacOS Malware KandyKorn Targets Crypto Owners"}]},{"@type":"WebSite","@id":"https:\/\/infundpros.com\/#website","url":"https:\/\/infundpros.com\/","name":"Fintech Advance","description":"Latest Finance and Tech News and Updates","publisher":{"@id":"https:\/\/infundpros.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/infundpros.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/infundpros.com\/#organization","name":"Fintech Advance","url":"https:\/\/infundpros.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/infundpros.com\/#\/schema\/logo\/image\/","url":"https:\/\/infundpros.com\/wp-content\/uploads\/2023\/10\/tech-logo.png","contentUrl":"https:\/\/infundpros.com\/wp-content\/uploads\/2023\/10\/tech-logo.png","width":409,"height":70,"caption":"Fintech Advance"},"image":{"@id":"https:\/\/infundpros.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/infundpros.com\/#\/schema\/person\/87f7e632b195ea95c91503d9281f5eff","name":"Press Room","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/infundpros.com\/#\/schema\/person\/image\/","url":"https:\/\/infundpros.com\/wp-content\/uploads\/2023\/10\/avatar_user_1_1697230663-96x96.png","contentUrl":"https:\/\/infundpros.com\/wp-content\/uploads\/2023\/10\/avatar_user_1_1697230663-96x96.png","caption":"Press 
Room"},"sameAs":["https:\/\/infundpros.com"],"url":"https:\/\/infundpros.com\/?author=1"}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/infundpros.com\/index.php?rest_route=\/wp\/v2\/posts\/9210","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/infundpros.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/infundpros.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/infundpros.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/infundpros.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9210"}],"version-history":[{"count":1,"href":"https:\/\/infundpros.com\/index.php?rest_route=\/wp\/v2\/posts\/9210\/revisions"}],"predecessor-version":[{"id":9212,"href":"https:\/\/infundpros.com\/index.php?rest_route=\/wp\/v2\/posts\/9210\/revisions\/9212"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/infundpros.com\/index.php?rest_route=\/wp\/v2\/media\/9211"}],"wp:attachment":[{"href":"https:\/\/infundpros.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9210"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/infundpros.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9210"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/infundpros.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9210"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}