North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS

A threat actor with ties to the Democratic People's Republic of Korea (DPRK) has been observed targeting cryptocurrency-related businesses with a multi-stage malware capable of infecting Apple macOS devices.

Cybersecurity company SentinelOne, which dubbed the campaign Hidden Risk, attributed it with high confidence to BlueNoroff, which has been previously linked to malware families such as RustBucket, KANDYKORN, ObjCShellz, RustDoor (aka Thiefbucket), and TodoSwift.

The activity "uses emails propagating fake news about cryptocurrency trends to infect targets via a malicious application disguised as a PDF file," researchers Raffaele Sabato, Phil Stokes, and Tom Hegel said in a report shared with The Hacker News.

"The campaign likely began as early as July 2024 and uses email and PDF lures with fake news headlines or stories about crypto-related topics."

See more: https://thehackernews.com/2024/11/north-korean-hackers-target-crypto.html

#cybersecurity #crypto

Lazarus Group Uses Extended Attributes for Code Smuggling in macOS

The Lazarus Advanced Persistent Threat (APT) group has been observed using a new technique to smuggle malicious code onto macOS systems: storing it in custom extended attributes.

This innovative method, observed by Group-IB, bypasses traditional security measures, enabling malicious code to remain concealed and undetected.

Extended attributes, often used to store additional file metadata, are now being leveraged by Lazarus to hide and execute malware on targeted systems.
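Because the payload lives in file metadata rather than in the file's data fork, a defender's first check is to enumerate extended attributes and flag ones that look out of place. The script below is an added example, not code from Group-IB or from the article; it flags attributes whose names fall outside a starting allow-list of attributes macOS writes itself, whose values are large enough to carry a script or binary, or whose bytes begin with a shebang or Mach-O magic. The allow-list, the size threshold and the sample attribute set are assumptions chosen for illustration and should be tuned to a fleet's own baseline.

```python
import os
import subprocess
from dataclasses import dataclass, field
from typing import Dict, List

# Attribute names macOS writes routinely (assumption: a starting allow-list;
# baseline it against your own fleet before relying on it).
BENIGN_XATTRS = {
    "com.apple.quarantine",
    "com.apple.metadata:kMDItemWhereFroms",
    "com.apple.FinderInfo",
    "com.apple.lastuseddate#PS",
    "com.apple.provenance",
}

# Above this many bytes an attribute is big enough to hold a script or a
# Mach-O image rather than metadata (assumption: illustrative threshold).
SIZE_THRESHOLD = 4096

# Magic numbers for 64-bit, 32-bit and universal (fat) Mach-O files as they
# appear on disk in little-endian byte order.
MACHO_MAGICS = (b"\xcf\xfa\xed\xfe", b"\xce\xfa\xed\xfe", b"\xca\xfe\xba\xbe")


@dataclass
class Finding:
    path: str
    attr: str
    size: int
    reasons: List[str] = field(default_factory=list)


def assess_xattrs(path: str, attrs: Dict[str, bytes]) -> List[Finding]:
    """Return one Finding per suspicious attribute on a single file."""
    findings: List[Finding] = []
    for name, value in attrs.items():
        reasons: List[str] = []
        if name not in BENIGN_XATTRS:
            reasons.append("non-standard attribute name")
        if len(value) > SIZE_THRESHOLD:
            reasons.append(f"large payload ({len(value)} bytes)")
        if value.startswith(b"#!") or value[:4] in MACHO_MAGICS:
            reasons.append("executable content (shebang or Mach-O magic)")
        if reasons:
            findings.append(Finding(path, name, len(value), reasons))
    return findings


def collect_xattrs(path: str) -> Dict[str, bytes]:
    """Read every extended attribute of one file.

    Python's os.listxattr/os.getxattr are available on Linux; on macOS the
    built-in xattr(1) tool is used instead (xattr -l lists names, xattr -px
    dumps one value as hex)."""
    if hasattr(os, "listxattr"):
        return {n: os.getxattr(path, n) for n in os.listxattr(path)}
    out = subprocess.run(["xattr", "-l", path], capture_output=True, text=True, check=True).stdout
    names = [line.split(":", 1)[0] for line in out.splitlines() if ":" in line]
    result: Dict[str, bytes] = {}
    for name in names:
        hexdump = subprocess.run(["xattr", "-px", name, path],
                                 capture_output=True, text=True, check=True).stdout
        result[name] = bytes.fromhex(hexdump)  # fromhex ignores whitespace
    return result


def scan_tree(root: str) -> List[Finding]:
    """Walk a directory and assess the extended attributes of every file."""
    findings: List[Finding] = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            p = os.path.join(dirpath, fn)
            try:
                findings.extend(assess_xattrs(p, collect_xattrs(p)))
            except (OSError, subprocess.CalledProcessError):
                continue  # unreadable file or unsupported filesystem
    return findings


# Constructed sample: a quarantine tag (benign) next to a custom attribute
# holding a shell script, the shape of data this check is meant to catch.
SAMPLE_ATTRS = {
    "com.apple.quarantine": b"0083;00000000;Safari;",
    "com.example.hidden": b"#!/bin/bash\necho constructed sample\n",
}

if __name__ == "__main__":
    for f in assess_xattrs("/constructed/sample.pdf", SAMPLE_ATTRS):
        print(f"{f.path}: {f.attr} ({f.size} bytes) -> {', '.join(f.reasons)}")
```

Run `scan_tree` over a Downloads folder or a staging area for suspect samples; a benign name such as com.apple.quarantine carrying a large value is still reported, because the size check is independent of the allow-list.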

See more: https://www.infosecurity-magazine.com/news/lazarus-extended-attributes-macos/
