North Korean Hackers Targeting Crypto Experts with KANDYKORN macOS Malware
Threat actors from North Korea have launched sophisticated attacks on a crypto exchange using a new macOS malware called KANDYKORN. The attackers posed as blockchain engineers on Discord and duped victims into downloading malicious code in the belief they were installing an arbitrage bot. This series of attacks is linked to the notorious Lazarus Group. Earlier this year, it used a backdoored macOS malware called RustBucket. This time, however, the malware was hidden in a ZIP archive.