Alert! Danger! KANDYKORN Malware Spreading Through Discord Attacks Cryptocurrency Users.
A new threat is spreading across the Internet, putting the security and privacy of cryptocurrency users running macOS at risk. This is malware called KANDYKORN, presumably the work of North Korean hackers, who probably belong to the Lazarus Group, an organization known for its cyber attacks against financial and political targets around the world.
The KANDYKORN malware is distributed through Discord, a communication platform that has become very popular today. According to a report by the security company Elastic, hackers pose as blockchain developers and offer users a tool for cryptocurrency arbitrage, that is, the simultaneous purchase and sale of digital assets in different markets to take advantage of the price differences. To achieve their goals they persuade victims to download a ZIP file called: "Cross-platform Bridges.zip", which contains several malicious modules that collect information, execute harmful operations and commands. Malware communicates with hackers' control servers using the DNS protocol, making it difficult to detect and block.
As I mentioned previously, the Lazarus Hacker Group is considered to have ties to North Korea and has carried out several cyberattacks against financial, political and security targets around the world. For its activities, it uses sophisticated and varied techniques to infiltrate its victims' systems, such as phishing, malware, DNS tunneling and credential theft, constantly changing its tools and tactics to avoid detection and tracking. The Lazarus Group is believed to be part of North Korea's General Reconnaissance Office, a military intelligence agency that deals with cyber and sabotage operations.
Some of the most notorious attacks attributed to them are: The attack on Sony Pictures in 2014, in which they stole and leaked confidential company data and threatened to sabotage the premiere of the film "The Interview", a comedy about a plot to assassinate North Korean leader Kim Jong-u; The theft of $81 million from the Bangladesh Bank in 2016, in which they used the international payments system SWIFT to transfer the money to accounts in the Philippines and Sri Lanka; The global cyberattack with the WannaCry ransomware in 2017, in which they infected more than 300,000 computers in 150 countries and demanded a ransom in bitcoins to unlock them and the attack on the Harmony protocol in 2021, in which they took $100 million in cryptocurrencies using a vulnerability in the platform's smart contract.
For its part, Elastic, the company that conducted the research, has a strong presence in the cybersecurity market and is dedicated to offering search-based solutions for various use cases, such as observability, cybersecurity and enterprise search. Its main product is Elasticsearch, a distributed and open source search and analysis engine that allows storing, processing and visualizing large amounts of structured and unstructured data.
The KANDYKORN malware is capable of stealing users' sensitive data, such as the private keys to their cryptocurrency wallets, as well as executing arbitrary code on their devices, which could allow hackers to take full control of them. The Elastic report warns that this is the first documented case of North Korean malware specifically targeting macOS users, demonstrating the ability of Lazarus Group hackers to adapt and evolve. Furthermore, it notes that the KANDYKORN malware could be related to another malware called AppleJeus, which was also used to attack cryptocurrency users in the past.
If you are a cryptocurrency user, it is recommended that you take extreme caution when downloading files or programs from unknown or untrustworthy sources, especially if they are offers that are too good to be true. Always remember to verify the integrity of downloaded files with updated antivirus tools. PROTECT YOUR ASSETS!!!
TOOLS, PLATFORMS & APPLICATIONS
π² QuantFury (Invite Code: JRRU2593
) - Trading - Join using my invite code: JRRU2593 and we will both receive a free share like AAPL or UBER, or crypto like BTC or ETH (up to $250). Trade and invest with no commissions or borrowing fees at real-time spot prices from the NYSE, Nasdaq, CME, Bats, Binance and Coinbase exchanges. With a good marketing management you have the possibility of obtaining passive profits without operating in the market.
π² StormGain - Trading - They can start without investment, capital is acquired for free with the Bitcoin Cloud Miner.
π² BingX - Trading - Called "The People's Exchange", it places a strong emphasis on social trading and offers its clients extensive features: new user rewards, demo account, high leverage, spot trading, standard and perpetual futures, grid trading, copy feed , etc.
π² CoinEX, KuCoin - Trading - They offer different bonuses.
π² AddmeFast - Earn daily Crypto. Promote and increase the sources of traffic, visibility, reach and reputation of your social networks.
π² Bitrefill - Living with crypto, a philosophy of financial freedom. Travel, play, eat and live with BTC.
π² Bitcoin Spark - ICO - Initial Coin Offerings.
π² Bulb, Publish0x, Ecency - Earn daily Crypto, NTFs or Money for reading or writing articles and interacting with publications.
Author's Note: The opinion expressed here is not investment advice, is provided for informational purposes only, and reflects the opinion of the author only. I do not promote, endorse or recommend any particular investment. Investments may not be right for everyone. Every investment in the market and every trade you make involves risk, so you should always do your own research before making any decision. I do not recommend investing money that you cannot afford to chair, as you could lose the entire amount invested.
π Originally Posted: Publish0x