Researchers have identified macOS malware that can execute remote code in memory. The Trojan is believed to be the work of the powerful North Korean APT group Lazarus. The installer is hosted on a website called unioncrypto.vip, which advertises a smart cryptocurrency arbitrage trading platform but provides no download links. macOS hacker Patrick Wardle breaks down the malware step by step to show how it can remotely download payloads and execute them directly from memory on macOS.
Source: https://threatpost.com/stealthy-macos-malware-lazarus-apt/150881/