Lazarus Group Uses Extended Attributes for Code Smuggling in macOS

The Lazarus Advanced Persistent Threat (APT) group has used a new technique to smuggle malicious code onto macOS systems by means of custom extended attributes.

This innovative method, observed by Group-IB, bypasses traditional security measures, enabling malicious code to remain concealed and undetected.

Extended attributes, often used to store additional file metadata, are now being leveraged by Lazarus to hide and execute malware on targeted systems.

See more: https://www.infosecurity-magazine.com/news/lazarus-extended-attributes-macos/
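A defender-side audit for the technique described above, as an added example that is not part of the original post or of Group-IB's report: it flags extended attributes outside Apple's namespace and marks those whose value reads like script text. The prefix list, token list, thresholds and sample attribute names are assumptions made for illustration.

```python
import os
import string

# Assumption for this example: attributes in Apple's own namespace are expected.
SYSTEM_PREFIXES = ("com.apple.",)
# Assumption: tokens suggesting a value holds script text rather than metadata.
SCRIPT_TOKENS = (b"#!/", b"curl ", b"bash", b"/bin/sh", b"osascript", b"python", b"eval")
PRINTABLE = set(string.printable.encode())


def looks_like_script(value: bytes) -> bool:
    """True when the value is mostly printable text and contains a script token."""
    if len(value) < 8:
        return False
    printable_ratio = sum(b in PRINTABLE for b in value) / len(value)
    return printable_ratio > 0.9 and any(tok in value for tok in SCRIPT_TOKENS)


def audit_xattrs(attrs: dict) -> list:
    """Return (name, reason) findings for a file's {attribute name: value} mapping."""
    findings = []
    for name, value in sorted(attrs.items()):
        if name.startswith(SYSTEM_PREFIXES):
            continue
        reason = "custom attribute"
        if looks_like_script(value):
            reason = "custom attribute holding script-like text"
        findings.append((name, reason))
    return findings


def read_xattrs(path: str) -> dict:
    """Collect attributes where Python exposes them (os.listxattr is Linux-only)."""
    if not hasattr(os, "listxattr"):
        raise NotImplementedError("use the macOS `xattr` tool to export attributes")
    return {n: os.getxattr(path, n) for n in os.listxattr(path)}


# Constructed sample: attribute names and values are made up for illustration.
SAMPLE = {
    "com.apple.quarantine": b"0081;00000000;Safari;",
    "com.apple.metadata:kMDItemWhereFroms": b"bplist00\xa1\x01_\x10\x13https://example.com",
    "user.note": b"draft v2",
    "example_payload": b"#!/bin/sh\necho constructed sample, not real malware\n",
}

if __name__ == "__main__":
    for name, reason in audit_xattrs(SAMPLE):
        print(f"{name}: {reason}")
```

A custom attribute is not malicious by itself; the findings are a triage list to review alongside whatever process reads the attribute.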
