Top macOS Malware Threats: Here Are 6 to Watch
Apple's growing market share — in a shrinking PC market — and the growing use of Golang for malware development are pushing a gradual increase in malicious tools targeting macOS environments.
June 1, 2023
Since at least December, North Korea's BlueNoroff threat actor — a subgroup of the broader Lazarus group — has been using malware dubbed RustBucket in financially motivated attacks against targeted organizations worldwide. The malware marks the threat group's first foray into the macOS realm and is an example of how attackers have increasingly begun using cross-platform languages like Go to develop attack tools for multiple platforms.
Researchers from Jamf Threat Labs reported on the malware in April 2023 after observing BlueNoroff using it to drop and execute various payloads on victim systems. The malware consists of a first-stage component (a backdoored but fully functional PDF reader) that reaches out to a remote command-and-control (C2) server, and installs a separate, second-stage payload for gathering specific information from the victim system and relaying it back to the attacker.
Jaron Bradley, senior manager of macOS detections at Jamf, says the sophistication lies not only in the malware itself but also in the social engineering tactics that the attackers use to get onto victim systems. "This malware campaign targets Windows as well," Bradley says. "But the fact that the attackers have gone out of their way to include a macOS version of the malware tells us that … they have likely hit roadblocks in the past … on the macOS platform."