Security researchers have reported a new macOS malware that traces back to the North Korean hacking group Lazarus. The threat has a low detection rate and is capable of retrieving a payload from a remote location. Malware researcher Dinesh Devadoss shared a hash for a malware sample capable of loading a Mach-O executable file from memory. Devadoss reported on Tuesday that detection of the malware is almost nonexistent: just four antivirus engines flagged it as malicious.
Researchers found key overlaps between the malware found by Devadoss and implants previously used by Lazarus. The sample is packaged under the name UnionCryptoTrader on a website that advertised a smart cryptocurrency trading platform.
Read More: New macOS Threat Served from Cryptocurrency Trading Platform