Gate News message, April 22 — North Korean-linked hacking group Lazarus has launched attacks targeting cryptocurrency wallets using a newly discovered malware called Mach-O Man, according to a malware analysis report released on April 21 by security firm ANY.RUN. The malicious code is designed to steal keychain data, browser credentials, and login sessions from macOS systems to gain unauthorized access to digital asset wallets and exchange accounts.
Unlike previous Lazarus campaigns, this attack specifically targets Apple macOS users. The malware collects login sessions and authentication credentials from a victim’s Mac device, which are then used to compromise wallet access and exchange account credentials. The primary targets include employees at digital asset companies, developers, and executives. ANY.RUN warned that compromising a single account could expose both wallet access rights and internal corporate systems, potentially leading to large-scale asset theft.
The malware is distributed via ClickFix, a social engineering technique that uses fake error messages and pop-ups to trick users into copying and executing malicious commands. Attacks are primarily conducted through Telegram using compromised personal accounts, with victims directed to fake meeting links resembling Zoom, Microsoft Teams, or Google Meet. Users are then prompted to execute commands under the guise of resolving connection issues. Because the user initiates the execution, this method can easily bypass traditional security systems.
The disclosure follows the Kelp DAO hack on April 20, which resulted in the theft of 116,500 rsETH (restaked Ethereum). LayerZero identified TraderTraitor, a Lazarus-affiliated organization, as responsible for the attack. rsETH is distributed across multiple blockchains, with cross-chain transfers handled by LayerZero’s omnichain fungible token (OFT) standard.