<![CDATA[🚨#Lazarus Mach-O Man toolkit targets corporate systems and credentials, causing downtime and financial losses.]]>

#Lazarus Mach-O Man toolkit targets corporate systems and credentials, causing downtime and financial losses. A meeting invite in Telegram launches a multi-stage infection chain.

To evade detection, the malware disguises itself as legitimate system processes, deploying Mach-O binaries. The final stealer harvests browser extensions, saved credentials, and Keychain entries — exfiltrating everything via the Telegram Bot API.

️ Explore macrasv2 execution chain in a sandbox session and update your detection rules: https://app.any.run/tasks/94b9bc1f-86ff-4069-8222-1cb511d78ad9/?utm_source=mastodon&utm_medium=post&utm_campaign=lazarus_macos_case&utm_term=290426&utm_content=linktoservice

Stay one step ahead with defense tips: https://any.run/cybersecurity-blog/lazarus-macos-malware-mach-o-man/?utm_source=mastodon&utm_medium=post&utm_campaign=lazarus_macos_case&utm_term=290426&utm_content=linktoblog

#cybersecurity #infosec

]]>https://board.circlewithadot.net/topic/a90c048e-1952-4436-bcb4-5ccb42df8dd8/lazarus-mach-o-man-toolkit-targets-corporate-systems-and-credentials-causing-downtime-and-financial-losses.RSS for NodeTue, 26 May 2026 06:34:19 GMTWed, 29 Apr 2026 10:03:02 GMT60