• Tue. Oct 17th, 2023

How North Korean Hackers use the Rust Malware to Pass Restrictions and Make Illegal Profits

Avatar photo

ByEsme Greene

Jul 15, 2023
Hackers Restrictions Illegal Profits
Esme Greene
Latest posts by Esme Greene (see all)

A new variant of the RustBucket virus that targets macOS users was discovered by researchers. This version has improved features for strong penetration and bypassing antivirus software detection. 

According to a recent analysis from Elastic Security Labs, “This variant of RustBucket – part of a malware family that attacks macOS systems – integrates persistence features never seen before.” Additionally, they stress how the revised RustBucket “applies a flexible network infrastructure strategy to manage and coordinate its actions”.

The North Korean cyberthreat actor going by the moniker BlueNoroff created the toolbox known as RustBucket. This is but one of the several cyber activities being watched by the prestigious hacking collective Lazarus Group. The Main Intelligence Directorate (RGB), North Korea’s top intelligence organization, in turn has influence over Lazarus Group.

In April 2023, Jamf Threat Labs identified the malware as an AppleScript-based backdoor that might accept a secondary payload from a remote server. This behavior is recorded by Elastic as REF9135. “The Bluenoroff hacker group’s recent activities amply displays how they employ cross-platform language in their attacks, which are intended to create dangerous software. 

According to the analytical analysis, this strategy “is most likely intended to empower and increase the number of potential victims.” Сompanies Sekoia, a French cybersecurity startup, will hold a RustBucket at the end of May 2023.

A macOS installation file that installs a phony but working PDF reader is the first link in the infection chain. The fact that the harmful activity is only started when a PDF file that has been infected is opened using a phony PDF reader is an important feature of the assaults. Phishing emails and the establishment of phony social media profiles are two examples of the initial entry vector.

Avatar photo

Esme Greene

Esme brings a wealth of knowledge and experience to our website, specializing in all aspects of DarkWeb security. With a deep understanding of the intricate workings of the DarkWeb and its associated cybersecurity risks, Esme curates insightful and informative content for our readers.