North Korea-linked APT Lazarus Group has been spotted targeting the cryptocurrency business again. The group is using custom PowerShell scripts to communicate with malicious command-and-control (C2) servers that are hosted on compromised servers. macOS users, as well as Windows users, are in the crosshairs, especially those based in South Korea. The campaign has been active since at least November 2018, according to an analysis from Kaspersky Lab, which said various malware payloads are being distributed via documents containing weaponized macros.
Source: https://threatpost.com/lazarus-tactics-cryptocurrency-attacks/143249/