North Korea's Safari: Hunting for RATs
No, this article isn’t about a well-known American band, but rather a well-known North Korean boy band.
Today we’ll talk about two things: a rather funny interview we just had with a new Chollima, and a new malware kit we’ve identified in the wild that they’re currently spreading.
This time, it’s not a Python or JavaScript implant, but a dedicated macOS kit, featuring a couple of Mach-O binaries.
So, for lack of a better name, we’re calling this new kit Mach-O Man.
Conceptual artist’s impression of Mach-O Men.
Old habits die hard
You probably remember our previous encounters with Famous Chollima operatives. If not, here’s a recap:
Famous Chollima is a division of the infamous Lazarus Group, a hacking group linked to the North Korean government.
They often target crypto exchanges, DeFi protocols, and financial companies, although they also expand into other sectors. In recent times, they’ve started infiltrating companies by applying for legitimate job openings. Once …