Kandykorn

Malware updated 4 months ago (2024-05-04T20:22:02.429Z)

Download STIX

Preview STIX

KandyKorn is a new strain of malware that has recently been identified as an emerging threat to the technology sector, particularly targeting blockchain engineers. The malicious software, which is designed to infiltrate and damage computer systems, often enters undetected through suspicious downloads, emails, or websites. Once inside a system, it can steal personal information, disrupt operations, or even hold data hostage for ransom. The Lazarus group, a notorious cybercriminal organization, is behind the development and deployment of KandyKorn. The group is specifically targeting macOS users in the blockchain engineering field, demonstrating a sophisticated understanding of this niche industry and its associated technologies. The methods used by Lazarus indicate a high level of technical expertise, which raises concerns about the potential impact of KandyKorn on the blockchain sector. To mitigate the risks posed by KandyKorn, it's crucial for organizations, especially those dealing with blockchain technology, to enforce robust cybersecurity measures. These may include regular system updates, employee education on identifying suspicious activity, and implementing advanced threat detection tools. As the situation evolves, staying informed about the latest developments related to KandyKorn will be critical to effectively responding to this threat.

Description last updated: 2024-03-17T13:19:57.379Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description
TA444	3	TA444, also known as BlueNoroff, APT28, Nickel Gladstone, Sapphire Sleet, Stardust Chollima, and other monikers, is a prolific North Korean state-backed threat actor known for its malicious cyber activities. The group has been continuously generating proprietary malware, distinguishing it from other
Spectralblur	3	SpectralBlur is a newly detected malware, identified as a macOS backdoor, that has been making headlines since the start of 2024. It was first spotted by cybersecurity experts who have tentatively attributed its creation and deployment to the Bluenoroff group. This malicious software, like others of
Bluenoroff	3	BlueNoroff, a threat actor closely associated with the notorious Lazarus Group, has been actively involved in malicious cyber activities primarily targeting financial institutions and cryptocurrency businesses. Known for its sophisticated attacks on banks, casinos, fintech companies, POST software,
Sockracket	2	None
Rustbucket	2	RustBucket is a malicious software (malware) campaign that was first uncovered in 2021 and attributed to BlueNoroff, a North Korea-linked Advanced Persistent Threat (APT) group. The malware is known for its ability to exploit and damage computer systems, often infiltrating through suspicious downloa

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Malware

Macos

Apt

Phishing

Python

Payload

Implant

Backdoor

Encrypt

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

ID	Type	Votes	Profile Description
Swiftloader	Unspecified	2	SwiftLoader is a sophisticated malware that functions as a PDF viewer to lure unsuspecting victims. It was initially used in the RustBucket campaign, where it served as a second-stage malware, infecting systems through seemingly innocent downloads such as documents sent to targets. Notably, SwiftLoa
Objcshellz	Unspecified	2	ObjCShellz is a lightweight but advanced malware written in Objective-C, identified by researchers from Jamf Threat Labs in November 2023. This malicious software is designed to infiltrate macOS systems and enable remote execution of commands by attackers. It is characterized by its advanced obfusca

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

ID	Type	Votes	Profile Description
Lazarus Group	Unspecified	4	The Lazarus Group, a notorious threat actor associated with North Korea, has been implicated in several high-profile cyber attacks and exploitation activities. The group's objective often involves establishing a kernel read/write primitive, which allows them to gain high-level access to systems and

Source Document References

Information about the Kandykorn Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Securityaffairs	a month ago	SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
Securityaffairs	a month ago	security-affairs-malware-newsletter-round-5
Securityaffairs	2 months ago	Security Affairs Malware Newsletter - Round 3
Securityaffairs	2 months ago	Security Affairs Malware Newsletter - Round 3
Securityaffairs	2 months ago	Security Affairs Malware Newsletter - Round 2
Securityaffairs	2 months ago	Security Affairs Malware Newsletter - Round 1
Securityaffairs	2 months ago	Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	3 months ago	Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	3 months ago	Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	3 months ago	Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	4 months ago	Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	4 months ago	Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	5 months ago	Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	5 months ago	Security Affairs newsletter Round 466 by Pierluigi Paganini
Securityaffairs	5 months ago	Security Affairs newsletter Round 465 by Pierluigi Paganini
Securityaffairs	5 months ago	Security Affairs newsletter Round 464 by Pierluigi Paganini
Securityaffairs	6 months ago	Security Affairs newsletter Round 463 by Pierluigi Paganini
Securityaffairs	6 months ago	Security Affairs newsletter Round 462 by Pierluigi Paganini
Securityaffairs	6 months ago	Security Affairs newsletter Round 461 by Pierluigi Paganini
Securityaffairs	6 months ago	Security Affairs newsletter Round 460 by Pierluigi Paganini