North Korean Hackers Use New ‘KandyKorn’ macOS Malware in Attacks

Security researchers warn that the North Korean hacking group Lazarus has used new macOS and Windows malware in recent attacks. The attacks are multi-stage, involving various evasion techniques and loaders. In the final stage, a new macOS malware named KandyKorn is executed on the target machine, allowing the attackers to access and exfiltrate data from the system. Once installed, the malware waits for its command-and-control (C&C) server to send commands that enable it to harvest information, list directories, list running processes, download files, upload files, archive directories and exfiltrate them, erase files, kill processes, execute commands using a terminal, spawn a shell, download a configuration from the server, sleep, and exit.

Read more: https://www.securityweek.com/north-korean-hackers-use-new-kandykorn-macos-malware-in-attacks/