Apple's growing market share — in a shrinking PC market — and the growing use of Golang for malware development is pushing a gradual increase in malicious tools targeting macOS environments.
June 1, 2023
Since at least December, North Korea's BlueNoroff threat actor — a subgroup of the broader Lazarus group — has been using malware dubbed RustBucket in financially motivated attacks against targeted organizations worldwide. The malware marks the threat group's first foray into the macOS realm and is an example of how attackers have increasingly begun using cross-platform languages like Go to develop attack tools for multiple platforms.
Researchers from Jamf Threat Labs reported on the malware in April 2023 after observing BlueNoroff using it to drop and execute various payloads on victim systems. The malware consists of a first-stage component (a backdoored but fully functional PDF reader) that reaches out to a remote command-and-control (C2) server, and installs a separate, second-stage payload for gathering specific information from the victim system and relaying it back to the attacker.
Jaron Bradley, senior manager of macOS detections at Jamf, says the sophistication is not only inside the malware itself, but the social engineering tactics that the attackers use in order to get onto victim systems. "This malware campaign targets Windows as well," Bradley says. "But the fact that the attackers have gone out of their way to include a macOS version of the malware tells us that … they have likely hit roadblocks in the past … on the macOS platform."
About the Author(s)
You May Also Like
Unleash the Power of Gen AI for Application Development, Securely
March 19, 2024The Anatomy of a Ransomware Attack, Revealed
March 20, 2024How To Optimize and Accelerate Cybersecurity Initiatives for Your Business
March 26, 2024Building a Modern Endpoint Strategy for 2024 and Beyond
March 27, 2024Building a Modern Endpoint Strategy for 2024 and Beyond
March 27, 2024