The RustBucket malware, specifically designed to target macOS users, creates a vulnerability for attackers to gain unauthorized access to sensitive data.
Jamf Threat Labs experts attributed the recently discovered malware campaign targeting Apple macOS systems to the hacking group BlueNoroff, a sub-unit of the well-known North Korean Lazarus group. The attacks employ the brand-new RustBucket malware, and the infection method is multi-staged and deliberately hard to reproduce.
The macOS malware uncovered by Jamf Threat Labs spreads by impersonating a system program called PDF Viewer. However, it should be emphasized that, since the hackers do not appear to have attempted to forge the application’s signature, the attack’s efficacy rests solely on whether a potential target manually grants permission to run the malicious script once Gatekeeper prompts for it.
If the script executes successfully, the second-stage payload is downloaded from a remote server. It is a fully functional Objective-C PDF viewer that continues the attack chain only after a specific malicious PDF file is loaded into it.
One of these nine-page documents, discovered by Jamf Threat Labs, purported to offer a “lucrative investment strategy,” but when opened, the aforementioned PDF viewer contacted the C2 server to download and run a third-stage trojan known as “Mach-O.” This is a Rust executable capable of carrying out a sizable number of system reconnaissance commands.
The attack tactics employed by the North Korean hackers in this campaign “impressed” the experts. They acknowledged that they were unable to identify the initial point of infection, and that a comprehensive investigation required not only the second-stage malware but also the specific PDF file that serves as the key to trigger the malicious code.