home.social

#lazarus — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #lazarus, aggregated by home.social.

  1. RemotePE: The Lazarus RAT that lives in memory

    Pulse ID: 6a15279470f40ea28e34fa55
    Pulse Link: otx.alienvault.com/pulse/6a152
    Pulse Author: Tr1sa111
    Created: 2026-05-26 04:54:44

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #InfoSec #Lazarus #OTX #OpenThreatExchange #RAT #bot #Tr1sa111

  2. RemotePE: The Lazarus RAT that lives in memory

    A sophisticated memory-only toolset used by a North Korean Lazarus subgroup targeting financial and cryptocurrency organizations consists of three malware families forming a chain. DPAPILoader decrypts and loads RemotePELoader from disk using Windows Data Protection API. RemotePELoader beacons to command-and-control servers and retrieves RemotePE, a fully-fledged remote access trojan executed entirely in memory without filesystem artifacts. The toolset employs environmental keying via DPAPI, EDR evasion through HellsGate technique and ETW patching, actor-in-the-loop payload delivery, and shared hosting infrastructure on Namecheap. RemotePE features comprehensive RAT capabilities including file operations, process management, command execution, and a plugin system for dynamically loading additional payloads, while maintaining persistence through masquerading as legitimate Windows services.

    Pulse ID: 6a1447f25db6bc082d5093cb
    Pulse Link: otx.alienvault.com/pulse/6a144
    Pulse Author: AlienVault
    Created: 2026-05-25 13:00:34

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #EDR #Edge #InfoSec #Korea #Lazarus #Malware #Namecheap #NorthKorea #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #Trojan #Windows #bot #cryptocurrency #AlienVault

  3. RemotePE: The Lazarus RAT that lives in memory

    A sophisticated memory-only toolset used by a North Korean Lazarus subgroup targeting financial and cryptocurrency organizations consists of three malware families forming a chain. DPAPILoader decrypts and loads RemotePELoader from disk using Windows Data Protection API. RemotePELoader beacons to command-and-control servers and retrieves RemotePE, a fully-fledged remote access trojan executed entirely in memory without filesystem artifacts. The toolset employs environmental keying via DPAPI, EDR evasion through HellsGate technique and ETW patching, actor-in-the-loop payload delivery, and shared hosting infrastructure on Namecheap. RemotePE features comprehensive RAT capabilities including file operations, process management, command execution, and a plugin system for dynamically loading additional payloads, while maintaining persistence through masquerading as legitimate Windows services.

    Pulse ID: 6a1447f25db6bc082d5093cb
    Pulse Link: otx.alienvault.com/pulse/6a144
    Pulse Author: AlienVault
    Created: 2026-05-25 13:00:34

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #EDR #Edge #InfoSec #Korea #Lazarus #Malware #Namecheap #NorthKorea #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #Trojan #Windows #bot #cryptocurrency #AlienVault

  4. RemotePE: The Lazarus RAT that lives in memory

    A sophisticated memory-only toolset used by a North Korean Lazarus subgroup targeting financial and cryptocurrency organizations consists of three malware families forming a chain. DPAPILoader decrypts and loads RemotePELoader from disk using Windows Data Protection API. RemotePELoader beacons to command-and-control servers and retrieves RemotePE, a fully-fledged remote access trojan executed entirely in memory without filesystem artifacts. The toolset employs environmental keying via DPAPI, EDR evasion through HellsGate technique and ETW patching, actor-in-the-loop payload delivery, and shared hosting infrastructure on Namecheap. RemotePE features comprehensive RAT capabilities including file operations, process management, command execution, and a plugin system for dynamically loading additional payloads, while maintaining persistence through masquerading as legitimate Windows services.

    Pulse ID: 6a1447f25db6bc082d5093cb
    Pulse Link: otx.alienvault.com/pulse/6a144
    Pulse Author: AlienVault
    Created: 2026-05-25 13:00:34

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #EDR #Edge #InfoSec #Korea #Lazarus #Malware #Namecheap #NorthKorea #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #Trojan #Windows #bot #cryptocurrency #AlienVault

  5. RemotePE: The Lazarus RAT that lives in memory

    A sophisticated memory-only toolset used by a North Korean Lazarus subgroup targeting financial and cryptocurrency organizations consists of three malware families forming a chain. DPAPILoader decrypts and loads RemotePELoader from disk using Windows Data Protection API. RemotePELoader beacons to command-and-control servers and retrieves RemotePE, a fully-fledged remote access trojan executed entirely in memory without filesystem artifacts. The toolset employs environmental keying via DPAPI, EDR evasion through HellsGate technique and ETW patching, actor-in-the-loop payload delivery, and shared hosting infrastructure on Namecheap. RemotePE features comprehensive RAT capabilities including file operations, process management, command execution, and a plugin system for dynamically loading additional payloads, while maintaining persistence through masquerading as legitimate Windows services.

    Pulse ID: 6a1447f25db6bc082d5093cb
    Pulse Link: otx.alienvault.com/pulse/6a144
    Pulse Author: AlienVault
    Created: 2026-05-25 13:00:34

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #EDR #Edge #InfoSec #Korea #Lazarus #Malware #Namecheap #NorthKorea #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #Trojan #Windows #bot #cryptocurrency #AlienVault

  6. RemotePE: The Lazarus RAT that lives in memory

    A sophisticated memory-only toolset used by a North Korean Lazarus subgroup targeting financial and cryptocurrency organizations consists of three malware families forming a chain. DPAPILoader decrypts and loads RemotePELoader from disk using Windows Data Protection API. RemotePELoader beacons to command-and-control servers and retrieves RemotePE, a fully-fledged remote access trojan executed entirely in memory without filesystem artifacts. The toolset employs environmental keying via DPAPI, EDR evasion through HellsGate technique and ETW patching, actor-in-the-loop payload delivery, and shared hosting infrastructure on Namecheap. RemotePE features comprehensive RAT capabilities including file operations, process management, command execution, and a plugin system for dynamically loading additional payloads, while maintaining persistence through masquerading as legitimate Windows services.

    Pulse ID: 6a1447f25db6bc082d5093cb
    Pulse Link: otx.alienvault.com/pulse/6a144
    Pulse Author: AlienVault
    Created: 2026-05-25 13:00:34

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #EDR #Edge #InfoSec #Korea #Lazarus #Malware #Namecheap #NorthKorea #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #Trojan #Windows #bot #cryptocurrency #AlienVault

  7. Faith Demands Sacrifice. Survival Demands Blood. Welcome to LAZARUS ORDER.
    A collision of medieval horror, dark fantasy, plague-era paranoia, and straight-up nightmare fuel is coming this summer, and Mad Cave Studios is not playing around. LAZARUS ORDER is stepping out of the shadows like a plague doctor with...
    comiccrusaders.com/comic-books
    #lazarus order #comics #comic books #mad cave studios

  8. Faith Demands Sacrifice. Survival Demands Blood. Welcome to LAZARUS ORDER.
    A collision of medieval horror, dark fantasy, plague-era paranoia, and straight-up nightmare fuel is coming this summer, and Mad Cave Studios is not playing around. LAZARUS ORDER is stepping out of the shadows like a plague doctor with...
    comiccrusaders.com/comic-books
    #lazarus order #comics #comic books #mad cave studios

  9. Faith Demands Sacrifice. Survival Demands Blood. Welcome to LAZARUS ORDER.
    A collision of medieval horror, dark fantasy, plague-era paranoia, and straight-up nightmare fuel is coming this summer, and Mad Cave Studios is not playing around. LAZARUS ORDER is stepping out of the shadows like a plague doctor with...
    comiccrusaders.com/comic-books
    #lazarus order #comics #comic books #mad cave studios

  10. Цена одной опечатки: Как три неверные буквы сорвали киберограбление на миллиард долларов

    Взлом системы SWIFT часто кажется чем-то из области голливудской фантастики, но в 2016 году группировка Lazarus доказала обратное. В этой статье мы шаг за шагом разберем архитектуру одной из самых дерзких APT-атак в истории: на Центробанк Бангладеш. Вы узнаете, как хакеры использовали целевой фишинг для первичного проникновения, как обходили встроенную криптографию ПО Alliance Access в оперативной памяти и зачем им понадобилось модифицировать прошивку обычного матричного принтера. Это история о том, как тотальная экономия на сетевой инфраструктуре чуть не стоила суверенному государству миллиарда долларов.

    habr.com/ru/articles/1038600/

    #информационная_безопасность #lazarus #киберпреступность #swift #apt #малварь #хакеры #бангладеш #социальная_инженерия #уязвимости

  11. Цена одной опечатки: Как три неверные буквы сорвали киберограбление на миллиард долларов

    Взлом системы SWIFT часто кажется чем-то из области голливудской фантастики, но в 2016 году группировка Lazarus доказала обратное. В этой статье мы шаг за шагом разберем архитектуру одной из самых дерзких APT-атак в истории: на Центробанк Бангладеш. Вы узнаете, как хакеры использовали целевой фишинг для первичного проникновения, как обходили встроенную криптографию ПО Alliance Access в оперативной памяти и зачем им понадобилось модифицировать прошивку обычного матричного принтера. Это история о том, как тотальная экономия на сетевой инфраструктуре чуть не стоила суверенному государству миллиарда долларов.

    habr.com/ru/articles/1038600/

    #информационная_безопасность #lazarus #киберпреступность #swift #apt #малварь #хакеры #бангладеш #социальная_инженерия #уязвимости

  12. Цена одной опечатки: Как три неверные буквы сорвали киберограбление на миллиард долларов

    Взлом системы SWIFT часто кажется чем-то из области голливудской фантастики, но в 2016 году группировка Lazarus доказала обратное. В этой статье мы шаг за шагом разберем архитектуру одной из самых дерзких APT-атак в истории: на Центробанк Бангладеш. Вы узнаете, как хакеры использовали целевой фишинг для первичного проникновения, как обходили встроенную криптографию ПО Alliance Access в оперативной памяти и зачем им понадобилось модифицировать прошивку обычного матричного принтера. Это история о том, как тотальная экономия на сетевой инфраструктуре чуть не стоила суверенному государству миллиарда долларов.

    habr.com/ru/articles/1038600/

    #информационная_безопасность #lazarus #киберпреступность #swift #apt #малварь #хакеры #бангладеш #социальная_инженерия #уязвимости

  13. Цена одной опечатки: Как три неверные буквы сорвали киберограбление на миллиард долларов

    Взлом системы SWIFT часто кажется чем-то из области голливудской фантастики, но в 2016 году группировка Lazarus доказала обратное. В этой статье мы шаг за шагом разберем архитектуру одной из самых дерзких APT-атак в истории: на Центробанк Бангладеш. Вы узнаете, как хакеры использовали целевой фишинг для первичного проникновения, как обходили встроенную криптографию ПО Alliance Access в оперативной памяти и зачем им понадобилось модифицировать прошивку обычного матричного принтера. Это история о том, как тотальная экономия на сетевой инфраструктуре чуть не стоила суверенному государству миллиарда долларов.

    habr.com/ru/articles/1038600/

    #информационная_безопасность #lazarus #киберпреступность #swift #apt #малварь #хакеры #бангладеш #социальная_инженерия #уязвимости

  14. #Lazarus won Best Original Anime at the #CrunchyrollAnimeAwards.

    That's twice in a row that a #Toonami Original #anime has won this particular award. Not bad for a block that people still don't know is still running to this day.

  15. #Lazarus won Best Original Anime at the #CrunchyrollAnimeAwards.

    That's twice in a row that a #Toonami Original #anime has won this particular award. Not bad for a block that people still don't know is still running to this day.

  16. The Gentleman Ransomware | Defense Evasion TTPs Uncovered

    In April and May 2026, investigations revealed two incidents involving The Gentlemen ransomware-as-a-service operation, which has claimed over 400 victims across 70 countries since mid-2025. Both incidents demonstrated common tactics including Scheduled Tasks, PowerShell commands, and defense evasion techniques such as clearing Security, System, and Application Event Logs, disabling Microsoft Defender, and adding antivirus exclusions. A leaked internal database in early May exposed the operation's infrastructure, affiliate structure, and targeting of vulnerabilities like CVE-2024-55591. The attacks showed threat actors using RDP connections, disguised executables, SOCKS proxy connections for persistence, and domain-wide deployment via NETLOGON shares. Despite attempts to evade detection, sufficient forensic telemetry remained for analysis, revealing workstation names previously associated with Qilin ransomware and Lazarus infrastructure.

    Pulse ID: 6a0f8f34dd916c38a643df30
    Pulse Link: otx.alienvault.com/pulse/6a0f8
    Pulse Author: AlienVault
    Created: 2026-05-21 23:03:16

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #ICS #InfoSec #Lazarus #Microsoft #MicrosoftDefender #OTX #OpenThreatExchange #PowerShell #Proxy #RAT #RDP #RansomWare #RansomwareAsAService #bot #AlienVault

  17. The Gentleman Ransomware | Defense Evasion TTPs Uncovered

    In April and May 2026, investigations revealed two incidents involving The Gentlemen ransomware-as-a-service operation, which has claimed over 400 victims across 70 countries since mid-2025. Both incidents demonstrated common tactics including Scheduled Tasks, PowerShell commands, and defense evasion techniques such as clearing Security, System, and Application Event Logs, disabling Microsoft Defender, and adding antivirus exclusions. A leaked internal database in early May exposed the operation's infrastructure, affiliate structure, and targeting of vulnerabilities like CVE-2024-55591. The attacks showed threat actors using RDP connections, disguised executables, SOCKS proxy connections for persistence, and domain-wide deployment via NETLOGON shares. Despite attempts to evade detection, sufficient forensic telemetry remained for analysis, revealing workstation names previously associated with Qilin ransomware and Lazarus infrastructure.

    Pulse ID: 6a0f8f34dd916c38a643df30
    Pulse Link: otx.alienvault.com/pulse/6a0f8
    Pulse Author: AlienVault
    Created: 2026-05-21 23:03:16

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #ICS #InfoSec #Lazarus #Microsoft #MicrosoftDefender #OTX #OpenThreatExchange #PowerShell #Proxy #RAT #RDP #RansomWare #RansomwareAsAService #bot #AlienVault

  18. The Gentleman Ransomware | Defense Evasion TTPs Uncovered

    In April and May 2026, investigations revealed two incidents involving The Gentlemen ransomware-as-a-service operation, which has claimed over 400 victims across 70 countries since mid-2025. Both incidents demonstrated common tactics including Scheduled Tasks, PowerShell commands, and defense evasion techniques such as clearing Security, System, and Application Event Logs, disabling Microsoft Defender, and adding antivirus exclusions. A leaked internal database in early May exposed the operation's infrastructure, affiliate structure, and targeting of vulnerabilities like CVE-2024-55591. The attacks showed threat actors using RDP connections, disguised executables, SOCKS proxy connections for persistence, and domain-wide deployment via NETLOGON shares. Despite attempts to evade detection, sufficient forensic telemetry remained for analysis, revealing workstation names previously associated with Qilin ransomware and Lazarus infrastructure.

    Pulse ID: 6a0f8f34dd916c38a643df30
    Pulse Link: otx.alienvault.com/pulse/6a0f8
    Pulse Author: AlienVault
    Created: 2026-05-21 23:03:16

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #ICS #InfoSec #Lazarus #Microsoft #MicrosoftDefender #OTX #OpenThreatExchange #PowerShell #Proxy #RAT #RDP #RansomWare #RansomwareAsAService #bot #AlienVault

  19. The Gentleman Ransomware | Defense Evasion TTPs Uncovered

    In April and May 2026, investigations revealed two incidents involving The Gentlemen ransomware-as-a-service operation, which has claimed over 400 victims across 70 countries since mid-2025. Both incidents demonstrated common tactics including Scheduled Tasks, PowerShell commands, and defense evasion techniques such as clearing Security, System, and Application Event Logs, disabling Microsoft Defender, and adding antivirus exclusions. A leaked internal database in early May exposed the operation's infrastructure, affiliate structure, and targeting of vulnerabilities like CVE-2024-55591. The attacks showed threat actors using RDP connections, disguised executables, SOCKS proxy connections for persistence, and domain-wide deployment via NETLOGON shares. Despite attempts to evade detection, sufficient forensic telemetry remained for analysis, revealing workstation names previously associated with Qilin ransomware and Lazarus infrastructure.

    Pulse ID: 6a0f8f34dd916c38a643df30
    Pulse Link: otx.alienvault.com/pulse/6a0f8
    Pulse Author: AlienVault
    Created: 2026-05-21 23:03:16

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #ICS #InfoSec #Lazarus #Microsoft #MicrosoftDefender #OTX #OpenThreatExchange #PowerShell #Proxy #RAT #RDP #RansomWare #RansomwareAsAService #bot #AlienVault

  20. The Gentleman Ransomware | Defense Evasion TTPs Uncovered

    In April and May 2026, investigations revealed two incidents involving The Gentlemen ransomware-as-a-service operation, which has claimed over 400 victims across 70 countries since mid-2025. Both incidents demonstrated common tactics including Scheduled Tasks, PowerShell commands, and defense evasion techniques such as clearing Security, System, and Application Event Logs, disabling Microsoft Defender, and adding antivirus exclusions. A leaked internal database in early May exposed the operation's infrastructure, affiliate structure, and targeting of vulnerabilities like CVE-2024-55591. The attacks showed threat actors using RDP connections, disguised executables, SOCKS proxy connections for persistence, and domain-wide deployment via NETLOGON shares. Despite attempts to evade detection, sufficient forensic telemetry remained for analysis, revealing workstation names previously associated with Qilin ransomware and Lazarus infrastructure.

    Pulse ID: 6a0f8f34dd916c38a643df30
    Pulse Link: otx.alienvault.com/pulse/6a0f8
    Pulse Author: AlienVault
    Created: 2026-05-21 23:03:16

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #ICS #InfoSec #Lazarus #Microsoft #MicrosoftDefender #OTX #OpenThreatExchange #PowerShell #Proxy #RAT #RDP #RansomWare #RansomwareAsAService #bot #AlienVault

  21. Wer darf sich ab 01.06 um ein neuen Job kümmern?
    War jetzt fast 10 Jahre in Rente auf Zeit. Und nun meint die Rentenkasse, ich kann wieder mehr als 6 Stunden täglich arbeiten. Was ich aber nicht glaube.

    2016 hatte, ich in Zwei Foren gefragt und habe mein Traumjob gefunden. Dann kam die Erkrankung.
    Was ich suche ist ein Job ohne Ausbildung und den ich im Sitzen erledigen kann.

    Ich arbeite Zuhause mit Lazarus unter Linux. Bin gelernter Bäcker.

    Zuhause bin ich auch gerade nicht.
    Wer Ideen hat auch für weiter Hachtags...

    #jobsuche, #lazarus, #objekt #pascal

  22. Wer darf sich ab 01.06 um ein neuen Job kümmern?
    War jetzt fast 10 Jahre in Rente auf Zeit. Und nun meint die Rentenkasse, ich kann wieder mehr als 6 Stunden täglich arbeiten. Was ich aber nicht glaube.

    2016 hatte, ich in Zwei Foren gefragt und habe mein Traumjob gefunden. Dann kam die Erkrankung.
    Was ich suche ist ein Job ohne Ausbildung und den ich im Sitzen erledigen kann.

    Ich arbeite Zuhause mit Lazarus unter Linux. Bin gelernter Bäcker.

    Zuhause bin ich auch gerade nicht.
    Wer Ideen hat auch für weiter Hachtags...

    #jobsuche, #lazarus, #objekt #pascal

  23. Wer darf sich ab 01.06 um ein neuen Job kümmern?
    War jetzt fast 10 Jahre in Rente auf Zeit. Und nun meint die Rentenkasse, ich kann wieder mehr als 6 Stunden täglich arbeiten. Was ich aber nicht glaube.

    2016 hatte, ich in Zwei Foren gefragt und habe mein Traumjob gefunden. Dann kam die Erkrankung.
    Was ich suche ist ein Job ohne Ausbildung und den ich im Sitzen erledigen kann.

    Ich arbeite Zuhause mit Lazarus unter Linux. Bin gelernter Bäcker.

    Zuhause bin ich auch gerade nicht.
    Wer Ideen hat auch für weiter Hachtags...

    #jobsuche, #lazarus, #objekt #pascal

  24. Wer darf sich ab 01.06 um ein neuen Job kümmern?
    War jetzt fast 10 Jahre in Rente auf Zeit. Und nun meint die Rentenkasse, ich kann wieder mehr als 6 Stunden täglich arbeiten. Was ich aber nicht glaube.

    2016 hatte, ich in Zwei Foren gefragt und habe mein Traumjob gefunden. Dann kam die Erkrankung.
    Was ich suche ist ein Job ohne Ausbildung und den ich im Sitzen erledigen kann.

    Ich arbeite Zuhause mit Lazarus unter Linux. Bin gelernter Bäcker.

    Zuhause bin ich auch gerade nicht.
    Wer Ideen hat auch für weiter Hachtags...

    #jobsuche, #lazarus, #objekt #pascal

  25. Wer darf sich ab 01.06 um ein neuen Job kümmern?
    War jetzt fast 10 Jahre in Rente auf Zeit. Und nun meint die Rentenkasse, ich kann wieder mehr als 6 Stunden täglich arbeiten. Was ich aber nicht glaube.

    2016 hatte, ich in Zwei Foren gefragt und habe mein Traumjob gefunden. Dann kam die Erkrankung.
    Was ich suche ist ein Job ohne Ausbildung und den ich im Sitzen erledigen kann.

    Ich arbeite Zuhause mit Lazarus unter Linux. Bin gelernter Bäcker.

    Zuhause bin ich auch gerade nicht.
    Wer Ideen hat auch für weiter Hachtags...

    #jobsuche, #lazarus, #objekt #pascal

  26. Lazarus Group + IA = une industrialisation inquiétante des attaques ciblant les développeurs. Ce qui était artisanal devient scalable : fausses offres d'emploi, social engineering automatisé, code malveillant personnalisé. La menace ne s'améliore pas, elle se démultiplie. Rester curieux sur ces TTPs, c'est déjà une forme de défense. 🔍 #infosec #ThreatIntel #Lazarus
    infosec.pub/post/45532833

  27. Lazarus Group Targets macOS Users via ClickFlixAttack

    Lazarus Group uses ClickFixto trick macOS users into fake meeting pages and executing malicious commands.

    Pulse ID: 69ec9743b876273d04a7efb0
    Pulse Link: otx.alienvault.com/pulse/69ec9
    Pulse Author: cryptocti
    Created: 2026-04-25 10:28:19

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #InfoSec #Lazarus #Mac #MacOS #OTX #OpenThreatExchange #bot #cryptocti

  28. Lazarus Group Targets macOS Users via ClickFlixAttack

    Lazarus Group uses ClickFixto trick macOS users into fake meeting pages and executing malicious commands.

    Pulse ID: 69ec9743b876273d04a7efb0
    Pulse Link: otx.alienvault.com/pulse/69ec9
    Pulse Author: cryptocti
    Created: 2026-04-25 10:28:19

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #InfoSec #Lazarus #Mac #MacOS #OTX #OpenThreatExchange #bot #cryptocti

  29. Lazarus Group Targets macOS Users via ClickFlixAttack

    Lazarus Group uses ClickFixto trick macOS users into fake meeting pages and executing malicious commands.

    Pulse ID: 69ec9743b876273d04a7efb0
    Pulse Link: otx.alienvault.com/pulse/69ec9
    Pulse Author: cryptocti
    Created: 2026-04-25 10:28:19

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #InfoSec #Lazarus #Mac #MacOS #OTX #OpenThreatExchange #bot #cryptocti

  30. Lazarus Group Targets macOS Users via ClickFlixAttack

    Lazarus Group uses ClickFixto trick macOS users into fake meeting pages and executing malicious commands.

    Pulse ID: 69ec9743b876273d04a7efb0
    Pulse Link: otx.alienvault.com/pulse/69ec9
    Pulse Author: cryptocti
    Created: 2026-04-25 10:28:19

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #InfoSec #Lazarus #Mac #MacOS #OTX #OpenThreatExchange #bot #cryptocti

  31. Lazarus Group Targets macOS Users via ClickFlixAttack

    Lazarus Group uses ClickFixto trick macOS users into fake meeting pages and executing malicious commands.

    Pulse ID: 69ec9743b876273d04a7efb0
    Pulse Link: otx.alienvault.com/pulse/69ec9
    Pulse Author: cryptocti
    Created: 2026-04-25 10:28:19

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #InfoSec #Lazarus #Mac #MacOS #OTX #OpenThreatExchange #bot #cryptocti

  32. Lazarus Group Targets macOS Users via ClickFlixAttack

    Lazarus Group uses ClickFixto trick macOS users into fake meeting pages and executing malicious commands.

    Pulse ID: 69ec976bddee2a8bbe864445
    Pulse Link: otx.alienvault.com/pulse/69ec9
    Pulse Author: cryptocti
    Created: 2026-04-25 10:28:59

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #InfoSec #Lazarus #Mac #MacOS #OTX #OpenThreatExchange #bot #cryptocti

  33. Lazarus Group Targets macOS Users via ClickFlixAttack

    Lazarus Group uses ClickFixto trick macOS users into fake meeting pages and executing malicious commands.

    Pulse ID: 69ec976bddee2a8bbe864445
    Pulse Link: otx.alienvault.com/pulse/69ec9
    Pulse Author: cryptocti
    Created: 2026-04-25 10:28:59

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #InfoSec #Lazarus #Mac #MacOS #OTX #OpenThreatExchange #bot #cryptocti

  34. Lazarus Group Targets macOS Users via ClickFlixAttack

    Lazarus Group uses ClickFixto trick macOS users into fake meeting pages and executing malicious commands.

    Pulse ID: 69ec976bddee2a8bbe864445
    Pulse Link: otx.alienvault.com/pulse/69ec9
    Pulse Author: cryptocti
    Created: 2026-04-25 10:28:59

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #InfoSec #Lazarus #Mac #MacOS #OTX #OpenThreatExchange #bot #cryptocti

  35. Lazarus Group Targets macOS Users via ClickFlixAttack

    Lazarus Group uses ClickFixto trick macOS users into fake meeting pages and executing malicious commands.

    Pulse ID: 69ec976bddee2a8bbe864445
    Pulse Link: otx.alienvault.com/pulse/69ec9
    Pulse Author: cryptocti
    Created: 2026-04-25 10:28:59

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #InfoSec #Lazarus #Mac #MacOS #OTX #OpenThreatExchange #bot #cryptocti

  36. Lazarus Group Targets macOS Users via ClickFlixAttack

    Lazarus Group uses ClickFixto trick macOS users into fake meeting pages and executing malicious commands.

    Pulse ID: 69ec976bddee2a8bbe864445
    Pulse Link: otx.alienvault.com/pulse/69ec9
    Pulse Author: cryptocti
    Created: 2026-04-25 10:28:59

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #InfoSec #Lazarus #Mac #MacOS #OTX #OpenThreatExchange #bot #cryptocti

  37. 📢 Vol de 290 M$ sur Kelp : TraderTraitor (Lazarus) exploite une faille de configuration LayerZero
    📝 ## 🗓️ Contexte

    Source : The Record Media, publié le 20 avril 2026.
    📖 cyberveille : cyberveille.ch/posts/2026-04-2
    🌐 source : therecord.media/crypto-north-k
    #LayerZero #Lazarus #Cyberveille

  38. Mach-O Man Malware: What CISOs Need to Know

    Lazarus Group is conducting an active campaign targeting businesses through ClickFix attacks, distributing a newly identified macOS malware kit called "Mach-O Man". The attack begins with fake meeting invitations via Telegram, redirecting victims to fraudulent collaboration platforms impersonating Zoom, Microsoft Teams, or Google Meet. Victims are tricked into executing terminal commands that install the malware. The kit consists of Go-based Mach-O binaries including a stager, profiler, persistence mechanism, and stealer. The malware collects credentials, browser data, and macOS Keychain entries, exfiltrating data through Telegram. Primary targets include fintech, crypto, and high-value environments where macOS is prevalent. The campaign leverages social engineering and native macOS binaries to evade traditional EDR detection, ultimately enabling account takeover, unauthorized infrastructure access, and financial loss.

    Pulse ID: 69e82714e5cf2d1fb9fe1b0a
    Pulse Link: otx.alienvault.com/pulse/69e82
    Pulse Author: AlienVault
    Created: 2026-04-22 01:40:36

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Browser #CyberSecurity #EDR #Google #GoogleMeet #InfoSec #Lazarus #Mac #MacOS #Malware #Microsoft #MicrosoftTeams #OTX #OpenThreatExchange #RAT #SocialEngineering #Telegram #Zoom #bot #AlienVault

  39. Mach-O Man Malware: What CISOs Need to Know

    Lazarus Group is conducting an active campaign targeting businesses through ClickFix attacks, distributing a newly identified macOS malware kit called "Mach-O Man". The attack begins with fake meeting invitations via Telegram, redirecting victims to fraudulent collaboration platforms impersonating Zoom, Microsoft Teams, or Google Meet. Victims are tricked into executing terminal commands that install the malware. The kit consists of Go-based Mach-O binaries including a stager, profiler, persistence mechanism, and stealer. The malware collects credentials, browser data, and macOS Keychain entries, exfiltrating data through Telegram. Primary targets include fintech, crypto, and high-value environments where macOS is prevalent. The campaign leverages social engineering and native macOS binaries to evade traditional EDR detection, ultimately enabling account takeover, unauthorized infrastructure access, and financial loss.

    Pulse ID: 69e82714e5cf2d1fb9fe1b0a
    Pulse Link: otx.alienvault.com/pulse/69e82
    Pulse Author: AlienVault
    Created: 2026-04-22 01:40:36

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Browser #CyberSecurity #EDR #Google #GoogleMeet #InfoSec #Lazarus #Mac #MacOS #Malware #Microsoft #MicrosoftTeams #OTX #OpenThreatExchange #RAT #SocialEngineering #Telegram #Zoom #bot #AlienVault