North Korea Is Recycling Mac Malware. That's Not the Worst Part

“Why would you develop something new when three-letter agencies and other groups are creating just incredible malware that’s fully featured, fully tested, and a lot of times has even already been tested in the wild.”"The Lazarus Group programmers either googled this or saw the presentation about it."Patrick Wardle, JamfResearchers saw Lazarus Group using early iterations of the loader in 2016 and 2018, and the tool has continued to evolve and mature. It's interesting that the Lazarus Group programmers either googled this or saw the presentation about it at the Infiltrate conference in 2017 or something."This reuse illustrates the benefits to attackers of recycling sophisticated malware tools—whether they come from intelligence agencies or open source research. In some cases, attackers have to extensively overhaul found malware to reuse it, but often, as is the case with the Lazarus loader, they can simply make small tweaks like changing the command and control address to point to their own server rather than the original developer’s.