North Korean Lazarus Group Uses macOS Malware Toolkit to Attack Cryptocurrency and Fintech Companies
Odaily News: According to CertiK monitoring, the Lazarus Group is conducting an attack campaign named Mach-O Man that targets executives in the fintech and cryptocurrency industries. The operation uses ClickFix social engineering: victims receive fake online meeting invitations that lure them into pasting supposed "repair" commands into the macOS Terminal, giving the attackers access to corporate and financial systems. CertiK researcher Natalie Newson stated that the Lazarus Group has stolen over $500 million in the past two weeks through attacks on Drift and KelpDAO. Mach-O Man is a modular macOS malware toolkit developed by the Chollima division of the Lazarus Group, and it can delete itself after use to evade detection. Attackers have also carried out this attack by hijacking DeFi project domains and replacing their content with fake Cloudflare messages.
