The Lazarus Group, allegedly linked to North Korea, has deployed a new macOS malware called KANDYKORN against a cryptocurrency exchange’s blockchain engineers. The hackers used a spoofed Python application within Discord to execute the malware, which is capable of file enumeration, data extraction, and executing additional malware.

North Korean Hackers Use Fake U.S. Companies to Spread Malware in Crypto Industry: Report
North Korean hackers reportedly set up shell companies in the US to penetrate the crypto sector and target developers via fake job offers, according to