Ghost Mach-O: an analysis of Lazarus’ Mac-malware innovations

2021-01-07 K7Security Labs

https://www.youtube.com/watch?v=6D-j-JQVHsk


K7 Labs' Ghost Mach-O talk analyzes Lazarus macOS malware used against cryptocurrency exchanges. The transcript describes an AppleJeus-style spear-phishing chain: the victim is directed to a fake trading-application site, downloads a signed installer package, and the package's postinstall script installs a loader and registers it as a LaunchDaemon for persistence. The loader collects host and process information, contacts C2 infrastructure, and fetches a second-stage payload. The talk presents the chain as evidence of Lazarus' use of cross-platform tooling and signed macOS packages.
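The persistence step above (a root postinstall script dropping a loader and a LaunchDaemon plist that starts it) is the part a responder can check for on a host. The following is an added example, not code from the K7 Labs talk or from the malware: it parses LaunchDaemon plists with the standard library and flags jobs that both persist (RunAtLoad or KeepAlive) and run a binary from a location a legitimate daemon rarely uses. The sample plists, labels and paths are constructed placeholders, not indicators from the campaign, and the trusted/suspect prefix lists are heuristic assumptions to tune per fleet.

```python
"""Triage macOS LaunchDaemon plists for a postinstall-dropped persistent loader.

Added example; not code from the talk. All labels, paths and plists below are
constructed placeholders, not Lazarus indicators.
"""
import plistlib

# Where legitimate daemon executables normally live (heuristic assumption).
TRUSTED_PREFIXES = ("/System/", "/usr/", "/bin/", "/sbin/", "/Applications/")

# Locations a root postinstall script can write to that rarely host a
# legitimate daemon binary (heuristic assumption; tune per fleet).
SUSPECT_PREFIXES = (
    "/tmp/", "/private/tmp/", "/var/tmp/", "/private/var/tmp/",
    "/Users/", "/Library/Application Support/",
)


def program_path(job):
    """Executable launchd will run: Program, else ProgramArguments[0]."""
    if job.get("Program"):
        return job["Program"]
    args = job.get("ProgramArguments") or []
    return args[0] if args else None


def assess(job):
    """Return (tag, detail) findings for one parsed launchd job dict."""
    findings = []
    if job.get("RunAtLoad"):
        findings.append(("run_at_load", "runs at boot without user action"))
    if job.get("KeepAlive"):  # bool or a dict of conditions; either keeps the job alive
        findings.append(("keep_alive", "launchd restarts it if it exits"))
    path = program_path(job)
    if path is None:
        findings.append(("no_program", "no Program or ProgramArguments key"))
    elif path.startswith(SUSPECT_PREFIXES):
        findings.append(("suspect_path", f"program in suspect location: {path}"))
    elif not path.startswith(TRUSTED_PREFIXES):
        findings.append(("untrusted_path", f"program outside trusted prefixes: {path}"))
    return findings


def is_suspect(findings):
    """A binary in a drop location is always worth a look; an unfamiliar
    location only when combined with a persistence key."""
    tags = {tag for tag, _ in findings}
    if "suspect_path" in tags:
        return True
    return bool("untrusted_path" in tags and tags & {"run_at_load", "keep_alive"})


def triage(plists):
    """Map {name: plist bytes} -> {name: (findings, suspect_flag)}."""
    out = {}
    for name, data in plists.items():
        findings = assess(plistlib.loads(data))
        out[name] = (findings, is_suspect(findings))
    return out


def _plist(body):
    # Minimal XML plist wrapper for the constructed samples.
    return (b'<?xml version="1.0" encoding="UTF-8"?>\n'
            b'<plist version="1.0"><dict>' + body + b'</dict></plist>')


# Constructed samples (placeholders, not real indicators).
SAMPLES = {
    # System-style helper under /usr; RunAtLoad alone is normal.
    "benign": _plist(
        b"<key>Label</key><string>com.example.helper</string>"
        b"<key>Program</key><string>/usr/libexec/example-helper</string>"
        b"<key>RunAtLoad</key><true/>"),
    # The pattern the talk describes: a pkg postinstall drops a loader under
    # /Library/Application Support and a daemon that starts it and keeps it alive.
    "trader_loader": _plist(
        b"<key>Label</key><string>com.example.trader.updater</string>"
        b"<key>ProgramArguments</key><array>"
        b"<string>/Library/Application Support/ExampleTrader/updater</string>"
        b"<string>--daemon</string></array>"
        b"<key>RunAtLoad</key><true/>"
        b"<key>KeepAlive</key><dict><key>SuccessfulExit</key><false/></dict>"),
    # No persistence keys, but the binary sits in a temp directory.
    "tmp_only": _plist(
        b"<key>Label</key><string>com.example.tmp</string>"
        b"<key>Program</key><string>/private/tmp/stage2</string>"),
}


if __name__ == "__main__":
    for name, (findings, flag) in triage(SAMPLES).items():
        print(f"{name}: suspect={flag}")
        for tag, detail in findings:
            print(f"  [{tag}] {detail}")
```

On a live host the same logic applies to the bytes of each file in /Library/LaunchDaemons, read with root privileges; pairing the flagged plist with the installer's receipt and postinstall script is what ties the daemon back to the signed package described in the talk.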
