TechFlow News: On April 22, according to CoinDesk, the North Korean hacking group Lazarus Group has launched a new macOS-targeted campaign dubbed “Mach-O Man,” aimed at executives and institutions within high-value sectors such as cryptocurrency and fintech.
This campaign employs the “ClickFix” social engineering technique to trick victims into pasting commands into the Mac Terminal, which gives the attackers access to corporate systems, SaaS platforms, and financial resources. CertiK researchers stated that “Mach-O Man” is a modular macOS malware toolkit developed by Lazarus Group and now also adopted by other cybercriminal groups. The malware often self-deletes before victims notice, complicating attribution and detection. Additionally, attackers have carried out this campaign by hijacking DeFi project domains and replacing legitimate Cloudflare messages with fake ones.




