Gate News message, April 22 — The North Korea-linked hacking group Lazarus has launched attacks targeting cryptocurrency wallets using newly discovered malware called Mach-O Man, according to a malware analysis report released on April 21 by security firm ANY.RUN. The malicious code is designed to steal keychain data, browser credentials, and login sessions from macOS systems to gain unauthorized access to digital asset wallets and exchange accounts.
Unlike previous Lazarus campaigns, this attack specifically targets Apple macOS users. The malware collects login sessions and authentication credentials from a victim’s Mac device, which are then used to compromise wallet access and exchange account credentials. The primary targets include employees at digital asset companies, developers, and executives. ANY.RUN warned that compromising a single account could expose both wallet access rights and internal corporate systems, potentially leading to large-scale asset theft.
The malware is distributed via ClickFix, a social engineering technique that uses fake error messages and pop-ups to trick users into copying and executing malicious commands. Attacks are primarily conducted through Telegram using compromised personal accounts, with victims directed to fake meeting links resembling Zoom, Microsoft Teams, or Google Meet. Users are then prompted to execute commands under the guise of resolving connection issues. Because the victim runs the commands themselves, this execution method can easily bypass traditional security systems.
The disclosure follows the Kelp DAO hack on April 20, which resulted in the theft of 116,500 rsETH (restaked Ethereum). LayerZero identified TraderTraitor, a Lazarus-affiliated organization, as responsible for the attack. rsETH is distributed across multiple blockchains, with cross-chain transfers handled by LayerZero’s omnichain fungible token (OFT) standard.