North Korea Debuts SpectralBlur Malware Amid macOS Onslaught

Published: 23/11/2024 | Category: security




The post-exploitation backdoor is the latest in a string of custom tools aimed at spying on Apple users.



The prolific North Korean state-backed threat actor known as TA444 is back with shiny new malware for targeting macOS users, dubbed SpectralBlur. The custom tool is the latest in a string of proprietary malware that the advanced persistent threat (APT) group has been consistently generating — a trait that sets it apart from other DPRK-sponsored threats.
According to Proofpoint threat researcher Greg Lesnewich, TA444 (aka APT38, BlueNoroff, BlackAlicanto, Copernicium, Sapphire Sleet, and Stardust Chollima) debuted the SpectralBlur malware in August. "It's a moderately capable backdoor that can upload/download files, run a shell, update its configuration, delete files, hibernate, or sleep, based on commands issued from the [command-and-control server]," he explained in a post on his personal blog this week.
TA444 often shares overlaps with its well-known cousin APT, Lazarus Group. For instance, Lesnewich noted that SpectralBlur contains strings within its code similar to those of the KandyKorn macOS data stealer, which emerged in early November in Lazarus Group campaigns targeting blockchain engineers connected to cryptocurrency exchanges. Proofpoint was subsequently able to link KandyKorn back to TA444 as well, via analysis of a phishing campaign.
SpectralBlur is just the latest tool designed to go after macOS users, who are becoming a particular focus for North Korean nation-state attackers. "TA444 keeps running fast and furious with these new macOS malware families," Lesnewich wrote.
Earlier analysis from Proofpoint pointed out that malware creation — particularly in the form of post-exploitation backdoors like SpectralBlur and KandyKorn — is where TA444 really stands out, suggesting that there is an embedded, or at least a devoted, malware development element alongside TA444 operators.