2023-11-07 18:49:13
A few years after RustBucket, new Mac malware made by the BlueNoroff group has now been discovered. BlueNoroff is a subgroup of the North Korean Lazarus Group, a cyber-espionage and cybercrime unit known for its online scams and dissemination of malicious software.
The malware in question, named ObjCShellz, was detected by the cybersecurity consultancy Jamf Threat Labs; at the time, it was not flagged by any of the antivirus engines aggregated on VirusTotal. It uses a digital signature to disguise itself and connects to a domain that spoofs the website of a cryptocurrency platform.
This link makes sense considering that BlueNoroff often tries to lure victims by posing as an investor or a recruiter. The domain is used to receive information from and send information to the attackers' server. While Jamf was investigating the new malware, other URLs used for communication were discovered, and the attackers' server went offline, likely in response to being discovered.
The malicious software was written in Objective-C, a language used to develop apps for macOS. The malware acts as a remote control, allowing the attackers to send commands in a way that is not detected by the system, splitting each command into two parts that are concatenated before execution.
After infection, the malware sends a signal to the attackers. System and victim information is then captured, while communications are disguised as normal traffic. Through command and control (C2) servers, malicious software is then executed on the victim’s computer.
Despite its relative simplicity, the malware proves to be effective, being part of BlueNoroff’s strategy to infiltrate computers using direct and disguised tools, without victims noticing. The group’s objectives are mainly financial, in order to steal digital assets from people around the world.
Jamf stated that it does not yet have details regarding who the malware was officially used against. However, considering the attacks that occurred this year and the domain used by this malicious software, it was probably used against a company in the cryptocurrency industry or one that works closely with it.
To protect yourself from the threat, the consultancy reinforced the general recommendations for safe browsing. They include being careful with email attachments and possible phishing scams, especially when the sender is unknown, as well as keeping your Mac updated, downloading apps only from trusted sources, using antivirus software and a firewall, and setting strong passwords. It is also important to monitor bank accounts in order to notice unknown or unauthorized transactions early.
via AppleInsider