Malware, Threat Management

Novel macOS malware leveraged in BlueNoroff attacks

SecurityWeek reports that North Korean advanced persistent threat group BlueNoroff believed to be a Lazarus hacking operation subgroup has been launching attacks leveraging the new macOS malware dubbed "RustBucket." Such attacks involved the deployment of an unsigned Internal PDF Viewer application that includes first-stage malware facilitating the retrieval and execution of the second-stage payload that spoofs Apple's legitimate bundle identifier, according to a report from Jamf. Researchers noted that a third-stage Rust-based trojan is then retrieved to facilitate system information gathering in devices running on ARM and x86 architectures. "The malware used here shows that as macOS grows in market share, attackers realize that a number of victims will be immune if their tooling is not updated to include the Apple ecosystem. Lazarus group, which has strong ties to BlueNoroff, has a long history of attacking macOS and its likely well see more APT groups start doing the same," said Jamf.

Related

Rootkit capabilities likely with Windows bugs

Several rootkit-like capabilities could be obtained by threat actors through the exploitation of vulnerabilities in Windows' DOS-to-NT path conversion process, including file and process concealment and compromised prefetch file analysis, reports The Hacker News.

Abusing GitHub flaw could compromise GitLab

Open-source DevOps software project GitLab has also been impacted by the same security issue in GitHub comments that has been exploited by threat actors through Microsoft repository-linked URLs to facilitate the distribution of malware that was made to seem to originate from credible entities' official source code repositories, according to BleepingComputer.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.