North Korean hackers use new macOS malware against crypto firms
North Korean threat actor BlueNoroff has been targeting crypto-related businesses with a new multi-stage malware for macOS systems.
Researchers are calling the campaign Hidden Risk and say that it lures victims with emails that share fake news about the latest activity in the cryptocurrency sector.
The malware deployed in these attacks relies on a novel persistence mechanism on macOS that does not trigger any alerts on the latest versions of the operating system, thus evading detection.
BlueNoroff is known for cryptocurrency thefts and has targeted macOS in the past using a malware payload called ‘ObjCShellz’ to open remote shells on compromised Macs.
Infection chain
The attacks start with a phishing email containing…