North Korean Hackers Target macOS Users


North Korean hacking group BlueNoroff, a subgroup of the Lazarus APT, is targeting macOS users in the cryptocurrency and DeFi sectors with a new malware campaign dubbed “Hidden Risk.” Phishing emails built around fake crypto news (Bitcoin price moves, stablecoins) lure victims into opening what appears to be a link to a PDF but is in fact a malicious macOS application. The app was signed and notarized with an Apple Developer ID that has since been revoked, so Gatekeeper would have accepted it until the certificate was pulled. Once running, it downloads and opens a decoy PDF so the victim sees the document they expected, relaxes App Transport Security through an Info.plist exception that permits plain-HTTP connections to its server, and establishes persistence by writing to the user's .zshenv file. That last choice matters: zsh sources .zshenv for every shell it starts, interactive or not, so the hook runs without a LaunchAgent and without triggering the Background Items notification that macOS shows when a new login item is added. A second-stage backdoor then collects system information and polls a command-and-control server for further instructions, continuing North Korea's focus on financially motivated cybercrime.
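The two host-side artefacts above (a hook planted in .zshenv and an Info.plist that relaxes App Transport Security) are the things a responder would look for first. The script below is an added example, not code from the article or from the Hidden Risk samples: it scans a .zshenv for lines that fetch, background or launch something rather than just export variables, and parses an Info.plist for NSAllowsArbitraryLoads and per-domain insecure-HTTP exceptions. The sample .zshenv and plist are constructed, the paths in them are made up, and the regex heuristics are this example's own choice.

```python
"""Triage checks for a .zshenv persistence hook and an Info.plist that
relaxes App Transport Security. Added example; the sample files below are
constructed and are not the campaign's real artefacts."""
import plistlib
import re
from typing import Dict, List

# Things a .zshenv has no business doing: fetching, backgrounding, decoding
# or launching. Heuristic patterns for triage, not a blocking rule.
SUSPICIOUS_ZSHENV = [
    re.compile(r"\b(?:curl|wget)\b"),
    re.compile(r"\bnohup\b"),
    re.compile(r"\bosascript\b"),
    re.compile(r"\bbase64\b.*(?:-d|--decode)"),
    re.compile(r"/(?:private/)?(?:tmp|var/tmp)/\S+"),
    re.compile(r"\bopen\s+-a\b"),
    re.compile(r"&\s*$"),  # command left running in the background
]
ASSIGNMENT = re.compile(r"^(?:export\s+)?[A-Za-z_][A-Za-z0-9_]*=")


def find_zshenv_hits(content: str) -> List[str]:
    """Return the lines of a .zshenv that look like a persistence hook.

    Plain variable assignments are ignored unless they embed command
    substitution ($(...) or backticks), which is how a hook can hide
    inside an innocent-looking 'export'.
    """
    hits = []
    for raw in content.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if ASSIGNMENT.match(line) and "$(" not in line and "`" not in line:
            continue
        if any(p.search(line) for p in SUSPICIOUS_ZSHENV):
            hits.append(line)
    return hits


def ats_findings(plist_bytes: bytes) -> Dict[str, object]:
    """Parse an Info.plist (XML or binary) and report ATS relaxations."""
    info = plistlib.loads(plist_bytes)
    ats = info.get("NSAppTransportSecurity") or {}
    insecure_domains = [
        domain for domain, cfg in (ats.get("NSExceptionDomains") or {}).items()
        if cfg.get("NSExceptionAllowsInsecureHTTPLoads")
    ]
    return {
        "bundle_id": info.get("CFBundleIdentifier"),
        "allows_arbitrary_loads": bool(ats.get("NSAllowsArbitraryLoads", False)),
        "insecure_http_domains": sorted(insecure_domains),
    }


def triage(zshenv_text: str, plist_bytes: bytes) -> List[str]:
    """Combine both checks into human-readable findings."""
    findings = [f".zshenv: {line}" for line in find_zshenv_hits(zshenv_text)]
    ats = ats_findings(plist_bytes)
    if ats["allows_arbitrary_loads"]:
        findings.append(f"{ats['bundle_id']}: NSAllowsArbitraryLoads set (plain HTTP permitted)")
    for domain in ats["insecure_http_domains"]:
        findings.append(f"{ats['bundle_id']}: insecure HTTP allowed for {domain}")
    return findings


# Constructed sample ~/.zshenv: two benign exports, one export hiding a
# download in command substitution, one backgrounded helper. Paths made up.
SAMPLE_ZSHENV = """\
# constructed sample, not the campaign's file
export PATH="$HOME/bin:$PATH"
export EDITOR=vim
export SESSION_TOKEN=$(curl -s http://example.invalid/token)
nohup "$HOME/Library/.cache/helper" >/dev/null 2>&1 &
"""

# Constructed Info.plist carrying the ATS exception described above.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>CFBundleIdentifier</key><string>com.example.constructed</string>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSAllowsArbitraryLoads</key><true/>
  </dict>
</dict>
</plist>
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_ZSHENV, SAMPLE_PLIST):
        print(finding)
```

On a real host, feed it the contents of ~/.zshenv and /etc/zshenv and the Contents/Info.plist of the suspect bundle (plistlib reads binary plists as well as XML), and check the signing identity separately with `codesign -dv --verbose=4 <app>`, since a plist says nothing about who signed the bundle or whether that certificate is still valid.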
