EarlyNarratives
Pricing
Start free trialSign in
Start free trialSign in
Signal

Lazarus group launches new macOS malware campaigns targeting crypto executives and wallets

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-04-22 12:48 UTCUpdated 2026-04-22 20:49 UTC
redditrss
cryptomalwaremacossecurityhacks
Source links open
Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.
BackEvidence (4)Get the free brief by emailStart free trial
No card needed for the free brief.
Evidence trail (top sources)
top sources (2 domains)domains are deduped. counts indicate coverage, not truth.
2 top sources shown
New Mac Malware 'MacSync' Stealing Crypto Wallets
U.Today · News · u.today · 2026-04-22 15:27 UTC
limited source diversity in top sources
View all evidence
Overview

Security researchers have identified new macOS malware campaigns linked to North Korea's Lazarus Group targeting the crypto and fintech sectors.

Entities
CertiKSlowMistMach-O ManMacSync Stealer
Score total
1.58
Momentum 24h
4
Posts
4
Origins
3
Source types
2
Duplicate ratio
0%
Why now
  • Recent discovery of multiple macOS malware campaigns linked to Lazarus Group.
  • Targeting of crypto executives via fake meeting invites is a novel social engineering tactic.
  • Emergence of MacSync Stealer malware specifically designed to drain crypto wallets.
Why it matters
  • Highlights increasing cybersecurity threats to crypto executives and infrastructure on macOS.
  • Demonstrates evolving tactics by state-linked threat actors targeting crypto sector.
  • Signals need for enhanced security awareness and defenses in crypto and fintech firms.
LLM analysis
Topic mix: lowPromo risk: lowSource quality: medium
Recurring claims
  • Lazarus Group uses fake meeting invites to deliver macOS malware targeting crypto and fintech executives.
  • New macOS malware called MacSync Stealer is designed to steal cryptocurrency wallets and infrastructure credentials.
How sources frame it
  • Cointelegraph: neutral
  • Crypto.News: neutral
  • U.Today: neutral
All evidence
All evidence
New Mac Malware 'MacSync' Stealing Crypto Wallets
U.Today · u.today · 2026-04-22 15:27 UTC
Lazarus Group Malware Targets Crypto, Business Execs via macOS
CryptoCurrency · cointelegraph.com · 2026-04-22 14:36 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 3Origin domains: 3Duplicates: -
Showing 3 / 0
Top publishers (this list)
  • Crypto.News (1)
  • U.Today (1)
  • CryptoCurrency (1)
Top origin domains (this list)
  • crypto.news (1)
  • u.today (1)
  • cointelegraph.com (1)