New Lazarus APT Campaign: “Mach-O Man” macOS Malware Kit Hits Businesses
ID: 02cbbf92-b44a-5697-ac47-43820c23d3cd
STIX ID: report--02cbbf92-b44a-5697-ac47-43820c23d3cd
Feed Name: ANY.RUN's Cybersecurity Blog
## Executive Summary

The report analyzes an active Lazarus Group campaign delivering a native Go-based macOS malware kit dubbed "Mach-O Man" via Telegram-based meeting lures (ClickFix), which trick users into executing terminal commands to install a multi-stage infection (stager → profiler → persistence → stealer). The kit harvests browser credentials, macOS Keychain items, and system data and exfiltrates them over Telegram. The analysis includes behavioral details, IOCs (IPs, domains, file hashes, persistence artifacts), ATT&CK mappings, and remediation/detection recommendations.
