Markets News Report
November 01, 2023

North Korean Hackers Target Blockchain Engineers with Deceptive Crypto Bot

In Brief

Elastic Security Labs Sheds Light on Sophisticated macOS Malware Scheme by Lazarus Group

North Korean Hackers Target Blockchain Engineers with Deceptive Crypto Bot

In a revealing update from Elastic Security Labs, North Korea notorious Lazarus Group has emerged as the culprits behind an intricate hacking scheme aimed at blockchain engineers.

The hackers wielded a Python application, deceitfully presented as a cryptocurrency arbitrage bot, which they disseminated through direct messages on public Discord servers.

While it’s not uncommon for cybercriminals to exploit Discord’s massive user base for nefarious purposes, what’s striking in this particular instance is the malware’s design for macOS systems. Typically, macOS intrusions are not orchestrated in such a manner.

Elastic Security Labs chanced upon this malware during an analysis where they noticed an unusual attempt to load a binary into memory on a macOS device. This led them to uncover the aforementioned Python application linked to the intrusion.

Several factors cemented Lazarus Group’s involvement, including similarities in techniques, network infrastructure, and code-signing certificates. Additionally, the malware bore certain signature traits associated with previous attacks by the North Korea Lazarus Group. Elastic Security Labs has cataloged this specific intrusion pattern under the label REF7001.

Here’s a concise breakdown of the unfolding events:

  1. Lazarus Group, under the DPRK’s banner, baited blockchain engineers using a Python application as the initial point of entry.
  2. This malware exhibited multi-layered complexities, each specifically designed to dodge security defenses.
  3. Contrary to standard macOS malware attacks, this strategy revolved around loading binaries into the macOS system’s memory.

Blockchain engineers and crypto enthusiasts should exercise caution, especially when they receive unsolicited software recommendations or tools on platforms like Discord. The Lazarus Group’s continued evolution in its cyber-espionage tactics underscores the persistent threat they pose to the crypto industry and beyond.

Disclaimer

In line with the Trust Project guidelines, please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. MetaversePost is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.

About The Author

Nik is an accomplished analyst and writer at Metaverse Post, specializing in delivering cutting-edge insights into the fast-paced world of technology, with a particular emphasis on AI/ML, XR, VR, on-chain analytics, and blockchain development. His articles engage and inform a diverse audience, helping them stay ahead of the technological curve. Possessing a Master's degree in Economics and Management, Nik has a solid grasp of the nuances of the business world and its intersection with emergent technologies.

More articles
Nik Asti
Nik Asti

Nik is an accomplished analyst and writer at Metaverse Post, specializing in delivering cutting-edge insights into the fast-paced world of technology, with a particular emphasis on AI/ML, XR, VR, on-chain analytics, and blockchain development. His articles engage and inform a diverse audience, helping them stay ahead of the technological curve. Possessing a Master's degree in Economics and Management, Nik has a solid grasp of the nuances of the business world and its intersection with emergent technologies.

How Minmax Is Building The Professional AI Trading Terminal Prediction Markets Still Lack In 2026

Minmax processed roughly $100,000 in volume in the first three days of June, most of it through ...

Know More

The Calm Before The Solana Storm: What Charts, Whales, And On-Chain Signals Are Saying Now

Solana has demonstrated strong performance, driven by increasing adoption, institutional interest, and key partnerships, while facing potential ...

Know More
Read More
Read more
Startale Launches Onchain Finance Kits And Self-Custodial Payment Card To Connect Institutional Finance With Everyday Digital Asset Use
News Report Technology
Startale Launches Onchain Finance Kits And Self-Custodial Payment Card To Connect Institutional Finance With Everyday Digital Asset Use
July 12, 2026
Backpack Launches 24/7 Trading Of Real US Equities For International Investors
News Report Technology
Backpack Launches 24/7 Trading Of Real US Equities For International Investors
July 10, 2026
Gate Update: Gate US Expands To 47 Jurisdictions And Launches Visa Card As Markets Rally And New Products Roll Out
Digest News Report Technology
Gate Update: Gate US Expands To 47 Jurisdictions And Launches Visa Card As Markets Rally And New Products Roll Out
July 10, 2026
Bitcoin Absorbs Renewed Geopolitical Stress As QCP Capital Warns Of ‘Relief Rather Than Resolution’ In Global Liquidity
Markets News Report Technology
Bitcoin Absorbs Renewed Geopolitical Stress As QCP Capital Warns Of ‘Relief Rather Than Resolution’ In Global Liquidity
July 10, 2026