
Novel macOS malware leveraged in BlueNoroff attacks

SecurityWeek reports that BlueNoroff, a North Korean advanced persistent threat group believed to be a subgroup of the Lazarus hacking operation, has been launching attacks that use a new macOS malware dubbed "RustBucket." According to a report from Jamf, the attacks deploy an unsigned application named "Internal PDF Viewer" that contains the first-stage malware; that stage retrieves and executes a second-stage payload whose bundle identifier spoofs a legitimate Apple bundle identifier. Researchers noted that a third-stage, Rust-based trojan is then retrieved to gather system information, with builds for both ARM and x86 architectures. "The malware used here shows that as macOS grows in market share, attackers realize that a number of victims will be immune if their tooling is not updated to include the Apple ecosystem. Lazarus group, which has strong ties to BlueNoroff, has a long history of attacking macOS and it's likely we'll see more APT groups start doing the same," said Jamf.
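Two of the traits described above, an unsigned app bundle and a payload that claims an Apple bundle identifier without carrying Apple's signature, can be turned into a simple triage check. The script below is an added example, not code from Jamf, SecurityWeek or the RustBucket report: it reads a bundle's Info.plist and the text that `codesign -dv --verbose=2` writes to stderr, and flags bundles that are unsigned, that use a `com.apple.` identifier without an Authority chain ending in "Apple Root CA", or whose signed identifier differs from the one in Info.plist. The bundle names, identifiers and codesign output embedded below are constructed for the example and are not the identifiers RustBucket actually used.

```python
"""Heuristic triage of macOS app bundles: unsigned bundles and bundles that
spoof an Apple bundle identifier without an Apple code-signing chain.

Added example; the sample data below is constructed and the codesign output
format mirrors `codesign -dv --verbose=2` as observed on recent macOS
(assumption, not taken from the original report).
"""
import plistlib

APPLE_PREFIX = "com.apple."
APPLE_ROOT = "Apple Root CA"


def parse_codesign(text):
    """Parse the stderr text of `codesign -dv --verbose=2 <bundle>`.

    Signed bundles print Identifier=... and one Authority=... line per
    certificate in the chain; ad-hoc signatures print Signature=adhoc and no
    Authority lines; unsigned bundles print "code object is not signed at all".
    """
    info = {"signed": True, "identifier": None, "authorities": []}
    for raw in text.splitlines():
        line = raw.strip()
        if "is not signed at all" in line:
            info["signed"] = False
        elif line.startswith("Identifier="):
            info["identifier"] = line.split("=", 1)[1]
        elif line.startswith("Authority="):
            info["authorities"].append(line.split("=", 1)[1])
    return info


def assess_bundle(info_plist_bytes, codesign_text):
    """Return a list of finding tags for one bundle (empty list = nothing odd)."""
    plist = plistlib.loads(info_plist_bytes)
    bundle_id = plist.get("CFBundleIdentifier", "")
    sig = parse_codesign(codesign_text)
    findings = []
    if not sig["signed"]:
        findings.append("unsigned")
    # An Apple identifier is only plausible if the chain anchors at Apple Root CA.
    if bundle_id.startswith(APPLE_PREFIX) and APPLE_ROOT not in sig["authorities"]:
        findings.append("apple-id-without-apple-chain")
    # The identifier sealed into the signature should match Info.plist.
    if sig["signed"] and sig["identifier"] and sig["identifier"] != bundle_id:
        findings.append("identifier-mismatch")
    return findings


# Constructed samples: (Info.plist bytes, codesign stderr text).
SAMPLES = {
    # Unsigned dropper, as the first stage is described.
    "Internal PDF Viewer.app": (
        plistlib.dumps({"CFBundleIdentifier": "com.example.internalpdfviewer",
                        "CFBundleName": "Internal PDF Viewer"}),
        "Internal PDF Viewer.app: code object is not signed at all\n",
    ),
    # Ad-hoc signed payload claiming an Apple identifier (hypothetical id).
    "stage2.app": (
        plistlib.dumps({"CFBundleIdentifier": "com.apple.exampleviewer"}),
        "Executable=/tmp/stage2.app/Contents/MacOS/stage2\n"
        "Identifier=com.apple.exampleviewer\n"
        "Format=app bundle with Mach-O universal (x86_64 arm64)\n"
        "Signature=adhoc\n",
    ),
    # Genuine Apple app: identifier and chain agree.
    "Preview.app": (
        plistlib.dumps({"CFBundleIdentifier": "com.apple.Preview"}),
        "Identifier=com.apple.Preview\n"
        "Authority=Software Signing\n"
        "Authority=Apple Code Signing Certification Authority\n"
        "Authority=Apple Root CA\n",
    ),
}


def scan_samples():
    """Assess every constructed sample; returns {bundle name: findings}."""
    return {name: assess_bundle(plist, cs) for name, (plist, cs) in SAMPLES.items()}


if __name__ == "__main__":
    for name, findings in scan_samples().items():
        print(f"{name}: {', '.join(findings) if findings else 'ok'}")
```

This is a triage heuristic, not a trust evaluation: matching "Apple Root CA" in the Authority lines is a string check, and a real hunt should follow it with `codesign --verify --deep --strict` and `spctl --assess --type execute` on the bundle, which actually validate the chain and Gatekeeper policy.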
