KandyKorn Malware
According to a study conducted by Elastic Security Labs, the malware, dubbed as ‘KandyKorn’ is a sophisticated backdoor that could be used to steal data, directory listing, file upload/download, secure deletion, process termination, and command execution.
At first, the attackers used Discord channels to propagate Python-based modules by pretending to be active members of the community.
Apparently, the social engineering attacks pose as an arbitrage bot intended to generate automatic profits by coercing its members into downloading a malicious ZIP archive called “Cross=platform Bridges.zip.” However, there are 13 malicious modules that are being imported by the file to work together in order to steal and alter the stolen information.
The report reads, “We observed the threat actor adopting a technique we have not previously seen them use to achieve persistence on macOS, known as execution flow hijacking.”
Users of Unibot were notified by blockchain analytics company Scopescan about an ongoing hack, which was subsequently verified by an official source:
Content was cut in order to protect the source.Please visit the source for the rest of the article.