North Korean Lazarus Group Deploys Mach-O Man Malware to Steal Crypto Wallet Credentials from macOS Users


Gate News message, April 22 — North Korean-linked hacking group Lazarus has launched attacks targeting cryptocurrency wallets using a newly discovered malware called Mach-O Man, according to a malware analysis report released on April 21 by security firm ANY.RUN. The malicious code is designed to steal keychain data, browser credentials, and login sessions from macOS systems to gain unauthorized access to digital asset wallets and exchange accounts.

Unlike previous Lazarus campaigns, this attack specifically targets Apple macOS users. The malware harvests login sessions and authentication credentials from a victim’s Mac, which are then used to take over wallets and exchange accounts. The primary targets are employees at digital asset companies, developers, and executives. ANY.RUN warned that compromising a single account could expose both wallet access and internal corporate systems, potentially leading to large-scale asset theft.

The malware is distributed via ClickFix, a social engineering technique that uses fake error messages and pop-ups to trick users into copying and executing malicious commands themselves. Attacks are primarily conducted through Telegram using compromised personal accounts, with victims directed to fake meeting links resembling Zoom, Microsoft Teams, or Google Meet. Users are then prompted to run commands under the guise of resolving connection issues. Because the victim launches the command, this execution path can bypass traditional security controls that look for exploits or unsigned binaries rather than user-initiated terminal activity.

The disclosure follows the Kelp DAO hack on April 20, which resulted in the theft of 116,500 rsETH (restaked Ethereum). LayerZero identified TraderTraitor, a Lazarus-affiliated group, as responsible for the attack. rsETH is distributed across multiple blockchains, with cross-chain transfers handled by LayerZero’s omnichain fungible token (OFT) standard.
