Updated: 22.04.2026
- macOS malware linked to Lazarus Group has targeted cryptocurrency and fintech companies.
- The malware steals browser credentials, cookies, keychain data, and system information.
Cybersecurity experts have linked a new macOS malware campaign to Lazarus Group, the North Korea-linked hacker group behind some of the largest hacks in the crypto industry.
According to Mauro Eldrich, founder of threat intelligence firm BCA Ltd., a new malware kit called Mach-O Man is being distributed among traditional and cryptocurrency companies through social engineering schemes known as “ClickFix”.

Fake Mach-O Man Kit Apps
Potential victims are lured to a fake Zoom or Google Meet call, where they are asked to execute commands that download malware in the background, allowing attackers to bypass traditional security measures and gain undetected access to credentials and corporate systems.
This could lead to account takeover, unauthorized access to infrastructure, financial losses, and disclosure of critical data.
It appears that Lazarus Group continues to expand beyond cryptocurrency companies. North Korean hackers are accused of the largest attacks on platforms. They are also suspected of the largest attack to date: the hack of the Bybit exchange, worth $1.4 billion, in 2025.