MacOS Malware Surges as Corporate Usage Grows

2024-10-30 Trellix

https://www.trellix.com/blogs/research/macos-malware-surges-as-corporate-usage-grows/


DPRK-aligned APT macOS activity

In recent years the Lazarus Group, a North Korean state-sponsored APT group, has intensified its focus on macOS, marking a significant shift in the macOS threat landscape. The group ran phishing campaigns themed around job recruitment, distributing signed malware disguised as legitimate job application files to macOS users in corporate environments. The ElectroRAT campaign, which extended into 2021, targeted cryptocurrency users across macOS, Windows, and Linux systems. Once installed, the malware established persistence on macOS via LaunchDaemons or LaunchAgents, granting Lazarus remote control and the ability to exfiltrate valuable data, including cryptocurrency wallet keys.
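The LaunchAgent/LaunchDaemon persistence named above is something a responder can triage directly from the plist files. The following is an added example (not code from the Trellix report): it parses one launchd plist and flags the traits a hunter checks first, an executable outside standard system locations, a hidden directory, RunAtLoad and KeepAlive. The sample plist, the label and the path are constructed; the list of expected prefixes is an assumption for the example.

```python
import plistlib
from pathlib import PurePosixPath
from typing import Optional

# Directories where a legitimate launchd job's executable normally lives.
# Anything outside these (user-writable or temporary paths) deserves review.
# This list is an assumption chosen for the example, not an Apple reference.
EXPECTED_PREFIXES = ("/usr/", "/bin/", "/sbin/", "/System/",
                     "/Library/Apple/", "/Applications/")

def program_path(plist: dict) -> Optional[str]:
    """Return the executable launchd would start for this job, if any."""
    if "Program" in plist:
        return plist["Program"]
    args = plist.get("ProgramArguments") or []
    return args[0] if args else None

def triage_launchd_plist(data: bytes) -> dict:
    """Parse one LaunchAgent/LaunchDaemon plist and return triage findings."""
    plist = plistlib.loads(data)
    prog = program_path(plist)
    findings = []
    if prog is None:
        findings.append("no Program/ProgramArguments")
    else:
        if not prog.startswith(EXPECTED_PREFIXES):
            findings.append(f"executable outside standard locations: {prog}")
        if any(p.startswith(".") for p in PurePosixPath(prog).parts):
            findings.append("executable lives in a hidden directory")
    if plist.get("RunAtLoad"):
        findings.append("RunAtLoad set (starts at login/boot)")
    if plist.get("KeepAlive"):
        findings.append("KeepAlive set (relaunched if killed)")
    return {"label": plist.get("Label"), "program": prog, "findings": findings}

# Constructed sample: a user LaunchAgent pointing at a hidden, user-writable
# path. The label and path are invented, not indicators from the report.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Label</key><string>com.example.updater</string>
<key>ProgramArguments</key><array>
  <string>/Users/alice/.hidden/updater</string><string>--quiet</string>
</array>
<key>RunAtLoad</key><true/>
<key>KeepAlive</key><true/>
</dict></plist>"""

if __name__ == "__main__":
    print(triage_launchd_plist(SAMPLE_PLIST))
```

In practice the function would be run over every file under ~/Library/LaunchAgents, /Library/LaunchAgents and /Library/LaunchDaemons, and any plist with findings compared against the host's known-good inventory.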

Indicators of Compromise

Type    Value                               First Seen   Last Seen
URL     https://support.internal-meetin…    2024-10-30   2024-10-30
URL     http://maliciousdomain.com/malw…    2024-10-30   2024-10-30
DOMAIN  maliciousdomain.com                 2024-10-30   2024-10-30
IPv4    103.2.232.82                        2024-10-30   2024-10-30
DOMAIN  support.internal-meeting.site       2024-02-28   2024-10-30
