macOS Components Used in North Korean Crypto-Heists - Proofpoint | lazarus.day

macOS Components Used in North Korean Crypto-Heists

2024-05-08 • Proofpoint •

https://www.sentinelone.com/labs/labscon23-replay-macos-components-used-in-north-korean-crypto-heists/

#Youtube #macOS #Slides

Attachments

MacOS_Components_Used_in_North_Korean_Crypto-Heists_MATAv5_Update.pdf (9 MB)

Thumbnail for macOS Components Used in North Korean Crypto-Heists

Proofpoint's LABScon talk examines North Korean macOS malware used in cryptocurrency theft and espionage operations. The source says DPRK-linked operators have invested heavily in Apple's desktop environment and uses Mach-O samples to show how related clusters and malware families can be connected. The hunting method centers on similarity analysis of Mach-O binaries and linked dynamic libraries, offering pivots beyond basic string searches for finding related samples.

Related Reports

2024-04-24 • 33% Match

Nation-State Threat Actors Renew Publications to npm

Phylum

#macOS #NPM

Shares tag: macOS • Published within a month

2024-04-18 • 33% Match

From BYOVD to a 0-day: Unveiling Advanced Exploits in Cyber Recruiting Scams

Avast

#BYOVD #Slides #FudModule #CVE-2024-21338 #KaolinRAT

Shares tag: Slides • Published within a month

2024-04-11 • 33% Match

Return of the mac(OS): Transparency, Consent, and Control (TCC) Database Manipulation

Interpres Security

#APT37 #CloudMensis #macOS #JokerSpy

Shares tag: macOS • Published within a month

2024-10-03 • 31% Match

Sugarcoating KANDYKORN: a sweet dive into a sophisticated MacOS backdoor

Elastic

#Youtube #macOS #KANDYKORN #REF7001

Shares tags: Youtube, macOS

2023-10-17 • 26% Match

He is everywhere: A tale of Lazarus and his family

lazarusholic

#Youtube #Slides

Shares tags: Youtube, Slides

2021-01-07 • 26% Match

Ghost Mach-O: an analysis of Lazarus’ Mac-malware innovations

K7Security Labs

#Youtube #macOS #Lazarus

Shares tags: Youtube, macOS