North Korea's Lazarus Group Is Now Targeting Mac Users With a Sneaky New Trick

Lazarus Group targets macOS users in FinTech via fake calls, installing malware to steal credentials. Learn how to protect yourself.

By Content Team

Apr 25, 2026

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

North Korea's Lazarus Group is running a ClickFix campaign against macOS users in FinTech, crypto, and leadership roles. Attackers reach targets via Telegram — often through a compromised contact's account — with fake Zoom or Google Meet invites. Once on the call, victims are told to run a command to fix connection issues, unknowingly installing malware called macrasv2, which steals credentials, browser sessions, and macOS Keychain data before self-deleting. Security firm Any.Run flagged the campaign on April 21. The fix? Train employees to never run commands to solve connectivity problems — especially on Macs.

Source: Dark Reading

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Major Polyfill Attack That Hit 100K Websites Traced Back to North Korean Hackers

Mar 15, 2026

FortiGate Firewalls Under Attack: Hackers Exploit Critical Vulnerabilities to Steal Corporate Credentials

Mar 15, 2026

Two US Cybersecurity Pros Plead Guilty Over Ransomware Attacks

Jan 2, 2026

Critical Microsoft Word Zero-Day Exploited in Wild Attacks

Mar 3, 2026