State-sponsored hackers believed to be from North Korea have attempted to infect the systems of blockchain engineers with a new macOS malware. Security researchers from Elastic discovered the attempts to spread the malware, named Kandykorn, began on Discord. Impersonating blockchain community members, the hackers directed victims to download a ZIP file containing the malware, under the guise of a cryptocurrency bot. Kandykorn has capabilities to monitor, interact and avoid detection. It runs on command-and-control servers used by the Lazarus Group.
Hackers are selling counterfeit phones with crypto-stealing malware
Kaspersky has identified thousands of low-cost Android smartphones sold online that come with preinstalled malware programmed to steal cryptocurrency details. The devices are infected with
