
BlueNoroff, a North Korean Hacking Group, Targets Apple Computers and Laptops in Recent Cyber Attacks


By Harper Stewart

Jun 5, 2023

The RustBucket malware, built specifically to target macOS users, gives attackers a way to gain unauthorized access to sensitive data.

Jamf Threat Labs researchers have attributed a recently discovered malware campaign targeting Apple macOS systems to the hacking group BlueNoroff, a subgroup of the well-known North Korean Lazarus group. The attacks use the newly identified RustBucket malware, and the infection chain is multi-staged and complex.

The macOS malware uncovered by Jamf Threat Labs spreads by impersonating a system application called PDF Viewer. It should be emphasized, however, that the attackers do not appear to have attempted to forge a valid code signature for the application, so the attack's success rests entirely on whether a potential victim manually grants permission to run the malicious application when Gatekeeper prompts for it.

If the script runs successfully, a second-stage payload is downloaded from a remote server. It is a fully functional PDF viewer written in Objective-C, which is used to continue the attack chain once a specific malicious PDF file is loaded into it.

One such nine-page document discovered by Jamf Threat Labs purported to offer a “lucrative investment strategy,” but when it was opened, the PDF viewer described above contacted the C2 server to download and run a third-stage trojan known as “Mach-O.” This is a Rust executable capable of carrying out a sizable number of system reconnaissance commands.

The attack techniques used by the North Korean hackers in this campaign “impressed” the researchers. They acknowledged that they were unable to identify the initial point of infection, and that a full investigation required not only the second-stage malware but also the specific PDF file that serves as the key to trigger the malicious code.
