The North Korean Lazarus Group uses macOS malware toolkit to attack cryptocurrency and fintech companies
According to CoinDesk, monitoring by CertiK shows that the Lazarus Group is running an attack campaign named Mach-O Man that targets executives in the fintech and cryptocurrency industries. The campaign uses ClickFix social engineering: victims receive fake online meeting invitations that lure them into pasting supposed "fix" commands into the Terminal on their Macs, which gives the attackers a foothold in company and financial systems.
CertiK researcher Natalie Newson stated that the Lazarus Group has stolen over $500 million through attacks on Drift and KelpDAO in the past two weeks. Mach-O Man is a modular macOS malware toolkit developed by the Chollima division of the Lazarus Group; it can delete itself automatically after use to evade detection.
In addition, the attackers have delivered the same lure by hijacking DeFi project domains and replacing their content with fake Cloudflare messages.