Apple's growing market share — in a shrinking PC market — and the growing use of Golang for malware development is pushing a gradual increase in malicious tools targeting macOS environments.

Since at least December, North Korea's BlueNoroff threat actor — a subgroup of the broader Lazarus group — has been using malware dubbed RustBucket in financially motivated attacks against targeted organizations worldwide. The malware marks the threat group's first foray into the macOS realm and is an example of how attackers have increasingly begun using cross-platform languages like Go to develop attack tools for multiple platforms.

Researchers from Jamf Threat Labs reported on the malware in April 2023 after observing BlueNoroff using it to drop and execute various payloads on victim systems. The malware consists of a first-stage component (a backdoored but fully functional PDF reader) that reaches out to a remote command-and-control (C2) server, and installs a separate, second-stage payload for gathering specific information from the victim system and relaying it back to the attacker.

Jaron Bradley, senior manager of macOS detections at Jamf, says the sophistication is not only inside the malware itself, but the social engineering tactics that the attackers use in order to get onto victim systems. "This malware campaign targets Windows as well," Bradley says. "But the fact that the attackers have gone out of their way to include a macOS version of the malware tells us that … they have likely hit roadblocks in the past … on the macOS platform."

About the Author(s)

Jai Vijayan, Contributing Writer

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights