North Korea’s Lazarus Group Launches macOS Malware Attack
According to CoinDesk, the North Korean hacking group Lazarus Group has launched a new macOS-targeted campaign dubbed “Mach-O Man,” aimed at executives and institutions in high-value sectors such as cryptocurrency and fintech. The attack uses a social engineering technique called “ClickFix” to trick victims into pasting commands into their Mac Terminal, which gives the attackers access to corporate systems, SaaS platforms, and financial resources. CertiK researchers stated that “Mach-O Man” is a modular macOS malware toolkit developed by Lazarus Group and now also adopted by other cybercriminal groups. The malware often deletes itself before victims detect it, which complicates attribution and detection. Attackers have already carried out this campaign by hijacking DeFi project domains and replacing legitimate Cloudflare messages with fake ones.