Trick or treat? North Korean hackers target crypto experts with Kandykorn macOS malware
![](https://172705.wcapt.asia/wp-content/uploads/2023/11/mac-malware-can-easily-bypass-apples-background-task-manager.jpg)
State-sponsored hackers believed to be from North Korea have attempted to infect the systems of blockchain engineers with a new macOS malware. Security researchers from Elastic discovered that the attempts to spread the malware, named Kandykorn, began on Discord. Impersonating blockchain community members, the hackers directed victims to download a ZIP file containing the malware, under the guise of a cryptocurrency bot. Kandykorn has monitoring, interaction and detection-avoidance capabilities. It runs on command-and-control servers used by the Lazarus Group.