Saphire.zip

This campaign focuses on stealing cryptocurrency wallet keys (e.g., from Ledger Live or Exodus), Telegram session data, and macOS keychain databases.

Because the source code was published for free, numerous variants have emerged in the wild. Threat actors frequently modify the code to bypass security detections or add new features like FUD-Loader to download additional malware.

Related Threats: Sapphire Sleet

The malware targets a wide range of data, including:

By convincing users to manually run these files, the malware bypasses standard security layers like macOS Gatekeeper.

It can capture visual data of the victim's current activity.

Once gathered, the data is compressed into a ZIP file and sent to the attacker via SMTP (email), Discord webhooks, or Telegram APIs.

Recent activity from the North Korean threat actor known as has also highlighted high-stakes social engineering campaigns targeting the finance and cryptocurrency sectors.