TechFlow news: SlowMist Chief Information Security Officer 23pds stated on X that the hacker group Lazarus BlueNoroff has launched a new attack against the cryptocurrency industry using novel macOS malware.
Recently, Lazarus BlueNoroff exploited legitimate cryptocurrency exchanges to run an authentic blog hosted under the domain swissborg[.]com, accessible via the URL swissborg[.]com/blog. The malware then splits its command-and-control (C2) URL into two separate strings and concatenates them later, thereby evading static-based detection mechanisms.
Subsequently, BlueNoroff contacts targets posing as investors or recruiters, claiming interest in collaboration or offering profitable opportunities to gain trust before delivering the macOS Trojan. Cryptocurrency platform operators are advised to check their internal traffic control systems for any related access records.




