Gate News message, April 22 — North Korean-linked hacking group Lazarus has launched attacks targeting cryptocurrency wallets using a newly discovered malware called Mach-O Man, according to a malware analysis report released on April 21 by security firm ANY.RUN. The malicious code is designed to steal keychain data, browser credentials, and login sessions from macOS systems to gain unauthorized access to digital asset wallets and exchange accounts.
Unlike previous Lazarus campaigns, this attack specifically targets Apple macOS users. The malware collects login sessions and authentication credentials from a victim’s Mac device, which are then used to compromise wallet access and exchange account credentials. The primary targets include employees at digital asset companies, developers, and executives. ANY.RUN warned that compromising a single account could expose both wallet access rights and internal corporate systems, potentially leading to large-scale asset theft.
The malware is distributed via ClickFix, a social engineering technique that uses fake error messages and pop-ups to trick users into copying and executing malicious commands. Attacks are primarily conducted through Telegram using compromised personal accounts, with victims directed to fake meeting links resembling Zoom, Microsoft Teams, or Google Meet. Users are then prompted to execute commands under the guise of resolving connection issues. This user-initiated execution method can easily bypass traditional security systems.
The disclosure comes following the Kelp DAO hack on April 20, which resulted in the theft of 116,500 rsETH (restaked Ethereum). LayerZero identified TraderTraitor, a Lazarus-affiliated organization, as responsible for the attack. rsETH is distributed across multiple blockchains, with cross-chain transfers handled by LayerZero’s omnichain fungible token (OFT) standard.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
