North Korea's BlueNoroff APT Debuts 'Dumbed Down' macOS Malware

Published: 23/11/2024   Category: security

Kim Jong-Un's hackers are scraping the bottom of the barrel, using script-kiddie-grade malware to steal devalued digital assets.



North Korean state hackers have debuted a fresh Mac malware targeting users in the US and Japan, which researchers characterize as "dumbed down" but effective.
An arm of the DPRK's notorious Lazarus Group, BlueNoroff has been known to raise money for the Kim regime by targeting financial institutions — banks, venture capital firms, cryptocurrency exchanges and startups — and the individuals who use them.
Since earlier this year, researchers from Jamf Threat Labs have been tracking a BlueNoroff campaign they call RustBucket, targeting macOS systems. In a blog published on Tuesday, they revealed a new malicious domain mimicking a crypto exchange, and a rudimentary reverse shell called ObjCShellz, which the group is using to compromise new targets.
"We've seen a lot of actions from this group over the past few months — not just us, but multiple security companies," says Jaron Bradley, director at Jamf Threat Labs. "The fact that they are able to accomplish their objectives using this dumbed down malware is definitely notable."
ObjCShellz's first red flag was the domain it connected to: swissborg[.]blog, an address eerily similar to swissborg.com/blog, a site run by the legitimate cryptocurrency exchange SwissBorg.
This was consistent with BlueNoroff's latest social engineering tactics. In its ongoing RustBucket campaign, the threat actor has been reaching out to targets under the guise of being a recruiter or investor, bearing offers or the potential for partnership. Keeping up the ruse often involves registering command-and-control (C2) domains mimicking legitimate financial websites in order to blend in with ordinary network activity, the researchers explained.
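As an added example that is not part of the Jamf report or this article, the following Python flags resolver queries that reuse an allow-listed brand's domain label under a different TLD, the pattern swissborg[.]blog follows against swissborg.com. The log lines and the allow-list are constructed.

```python
"""Flag DNS queries for domains that reuse a brand's label under a different TLD.

Added example (not from the Jamf research or the article): the log lines and the
brand list are constructed. The heuristic is the one the article's swissborg[.]blog
vs. swissborg.com case suggests: same second-level label, different TLD.
"""
import re

# Constructed allow-list of legitimate registrable domains for brands of interest.
LEGIT_DOMAINS = {"swissborg.com"}

# Constructed resolver log lines in a simple "timestamp client qname" form.
SAMPLE_LOG = """\
2024-10-14T09:12:01Z 10.0.0.21 swissborg.com
2024-10-14T09:12:07Z 10.0.0.21 www.swissborg.com
2024-10-14T09:14:33Z 10.0.0.42 swissborg.blog
2024-10-14T09:15:10Z 10.0.0.42 api.swissborg.blog
2024-10-14T09:16:45Z 10.0.0.17 example.org
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qname>\S+)$")


def registrable_domain(qname: str) -> str:
    """Return the last two labels (api.swissborg.blog -> swissborg.blog).

    Assumption: multi-label public suffixes such as co.uk are not handled here.
    """
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def lookalike_domains(log_text: str, legit: set) -> list:
    """Return queries whose brand label matches an allow-listed domain under a different TLD."""
    brand_labels = {d.split(".")[0]: d for d in legit}
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the run
        reg = registrable_domain(m["qname"])
        if reg in legit:
            continue  # the genuine domain and its subdomains are fine
        label = reg.split(".")[0]
        if label in brand_labels:
            hits.append({"ts": m["ts"], "client": m["client"],
                         "qname": m["qname"], "mimics": brand_labels[label]})
    return hits
```

Running `lookalike_domains(SAMPLE_LOG, LEGIT_DOMAINS)` on the constructed log reports the two swissborg.blog queries and leaves the genuine swissborg.com traffic alone.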
The example below was captured by the Jamf team from the website of a legitimate venture capital fund, and used by BlueNoroff in its phishing efforts.
After initial access comes its macOS-based malware — a growing trend and recent specialty of BlueNoroff.
"They're targeting developers and individuals that are holding these cryptocurrencies," Bradley explains, and, in opportunistic fashion, the group has not been content to target only those using one operating system. "You could go after a victim on a Windows computer, but a lot of times those users are going to be on Mac. So if you opt not to target that platform, then you're potentially opting out of a very large amount of cryptocurrency that could be stolen."
From a technical standpoint, however, ObjCShellz is utterly simplistic — a simple reverse shell for Apple computers, enabling command execution from an attacker's server. (The researchers suspect this tool is used in the late stages of multi-staged attacks.)
The binary was uploaded once from Japan in September, and three times from a US-based IP in mid-October, the Jamf researchers added.
In light of BlueNoroff's successes stealing crypto, Bradley urges Mac users to stay as vigilant as their Windows brethren.
"There's a lot of false understanding about how Macs are inherently safe, and there's definitely some truth to that," he says. "Mac is a safe operating system. But when it comes to social engineering, anyone's susceptible to running something malicious on their computer."
