Security researchers linked a new “Mach-O Man” malware kit to a Lazarus campaign that uses fake meeting invites and ClickFix prompts to steal credentials and access corporate systems on macOS.