Bybit Reports macOS Malware Attack Targeting Crypto Wallet Extensions

According to CertiK, Lazarus Group’s Mach-O Man campaign uses fake meeting invitations and apparently routine business calls to trick crypto and fintech targets into compromising macOS systems.

Fact Check
The claim is well supported by the Bybit-distributed press release titled "AI empowered Bybit Security Team Uncovers macOS Malware Campaign Targeting Users Searching for Claude Code" and the related PR Newswire UK item, both of which describe a macOS malware campaign abusing Claude Code search intent through SEO poisoning and fake installer redirection. Those sources also state that the malware targeted more than 250 browser-based wallet extensions. The secondary report from BlockBeats independently matches those details and adds timing around mitigation. While I could not directly fetch Bybit’s own website or the exact supplied X posts due to tool limits, the available Bybit-attributed primary distribution and consistent secondary coverage make the claim likely true.
Summary

The Lazarus Group-linked Mach-O Man macOS malware campaign is described by CertiK as a targeted operation against crypto and fintech executives that relies on social engineering, including fake online meeting invitations and apparently routine business calls. According to existing reporting, the campaign has also involved ClickFix tactics, SEO poisoning, fake Claude Code installation pages, fraudulent websites, and attacks on browser wallet extensions. Bybit previously said the operation targeted wallet credentials and device access, while CertiK attributed the activity to Lazarus Group and said it sought access to company and financial systems. The combined reporting indicates a macOS-focused campaign centered on deceptive communications and malicious prompts to compromise high-value industry targets.

Terms & Concepts
  • Lazarus Group: A cybercrime and espionage group widely linked to North Korea and frequently associated with attacks on cryptocurrency, financial, and technology targets.
  • macOS malware: Malicious software designed to infect Apple Mac computers and steal data, compromise credentials, or gain system access.
  • Social engineering: A manipulation technique that tricks people into revealing information or taking actions that compromise security.