North Korean hacking collective Lazarus Group has escalated its Mach-O Man malware campaign, specifically targeting cryptocurrency and fintech executives. Security firm CertiK attributes over $500 million in recent exploits to this operation, noting the group's accelerated institutional-scale attacks.

The modular macOS malware, developed by Lazarus's Chollima division, employs native Mach-O binaries to infiltrate Apple systems. Attackers use the ClickFix method—deceiving victims into executing malicious terminal commands—before erasing all traces of infection. Many compromised organizations remain unaware of breaches.

Since 2017, Lazarus has amassed approximately $6.7 billion in stolen crypto assets. Recent victims include DeFi protocols Drift and KelpDAO, with losses exceeding half a billion dollars in just two weeks. The group demonstrates surgical precision in targeting high-value digital asset holders.