‘KandyKorn’ macOS Malware Lures Crypto Engineers
The North Korean group Lazarus has created macOS malware named KandyKorn to target cryptocurrency exchanges. The malware is distributed through a Discord server, disguised as a cryptocurrency arbitrage bot, and Lazarus uses social engineering to trick victims into downloading it. Once installed, KandyKorn communicates with the hackers’ server and waits for instructions, making detection difficult. It is one of several tools Lazarus uses in its campaign against cryptocurrency services, a campaign that reportedly funds the North Korean regime.