North Korean hackers use new macOS malware in crypto-theft attacks

North Korean hackers are using AI-generated videos and the ClickFix technique to deploy malware on macOS and Windows, targeting the cryptocurrency sector. Google's Mandiant researchers identified seven distinct macOS malware families and attributed the attack to UNC1069, a threat group active since 2018. The attack involved social engineering, using a compromised Telegram account to contact the victim and a spoofed Zoom meeting page to deliver the malware. The malware families include SUGARLOADER, WAVESHAPER, SILENCELIFT, DEEPBREATH, and CHROMEPUSH, with SUGARLOADER having the most detections on VirusTotal.