Security researchers have pulled the curtain back on what appears to be a variant of the infamous RustBucket malware that targets macOS systems. First detected earlier in April, the attack continues to evolve, and a new report from Jamf Threat Labs highlights how it has changed and who its potential targets may be.

RustBucket is a relatively new form of malware that specifically targets Mac users. It is the work of an Advanced Persistent Threat (APT) group out of North Korea called BlueNoroff, a sub-group of the nation-state’s well-known cybercrime enterprise Lazarus Group.

On Tuesday, Apple security experts at Jamf Threat Labs revealed details on what it believes to be a new later-stage macOS malware variant, tracked as ObjCShellz and attributed to BlueNoroff, that closely aligns with RustBucket. BlueNoroff often reaches out to potential victims under the disguise of an investor or company head hunter, according to Jamf. “Later-stage” refers to activity after the initial infection occurs and often involves data exfiltration, establishing persistence, or lateral movement within a network.

It’s also not uncommon for threat actors to create domains that appear to belong to a legitimate crypto company in order to blend in with normal network activity. The discovery of ObjCShellz (a RustBucket-like variant) was made after Jamf researchers found a macOS universal binary communicating with a domain previously classified as malicious. “This executable was undetected on VirusTotal at the time of our analysis, piquing our interest,” Jamf stated.

RustBucket compromises its targets using various techniques, such as phishing emails, malicious websites, and drive-by downloads.