The development arrives days after Elastic Security Labs disclosed the Lazarus Group’s use of a new macOS malware called KANDYKORN to target blockchain engineers.
Also linked to the threat actor is a macOS malware referred to as RustBucket, an AppleScript-based backdoor that’s designed to retrieve a second-stage payload from an attacker-controlled server.
In these attacks, prospective targets are lured under the pretext of being offered investment advice or a job, and the infection chain is then kick-started by means of a decoy document.