Jamf Spots New macOS Crypto Malware Attributed to North Korea’s Lazarus BlueNoroff Group

BlueNoroff, a subgroup of North Korea’s Lazarus Group, is using a new macOS malware aimed at financial targets.

The discovery was made by researchers at Jamf, a company specializing in Apple device management. The attackers hid their infrastructure behind a domain styled to look like a legitimate cryptocurrency exchange.

As detailed in the report Jamf published on a Tuesday, the payload communicates with the attacker-controlled domain swissborg[.]blog. The attackers registered the domain on May 31 and hosted it on an IP address that is part of infrastructure already associated with BlueNoroff.

According to the report, the malware stores the command-and-control (C2) URL as two separate strings and concatenates them at runtime. This defeats detection rules that look for the full URL as a single literal in the binary; it does not hide the URL from anyone who reassembles adjacent strings or observes the binary at runtime.
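The evasion is cheap, and so is a triage counter to it. The following Python script is an added example, not code from Jamf’s report and not the malware’s own logic: it pulls printable strings out of a byte blob (standing in for a Mach-O `__cstring` section), flags any string that already looks like a URL, and then also tries concatenating each pair of adjacent strings so a URL split in two is still recovered. The sample blob, including where the URL is split and the path fragment, is constructed for this example; the report does not say exactly how the real binary divides the string.

```python
import re

# Printable ASCII runs of at least 4 bytes, like the `strings` utility.
PRINTABLE_RE = re.compile(rb"[\x20-\x7e]{4,}")

# A full http(s) URL: scheme, host with a TLD of 2+ letters, optional path.
# A bare fragment like "http://swissborg." does not match because it has
# no TLD after the final dot.
URL_RE = re.compile(
    r"^https?://[a-z0-9-]+(\.[a-z0-9-]+)*\.[a-z]{2,}(/[\x21-\x7e]*)?$", re.I
)

# Constructed sample: NUL-separated strings imitating a binary's string
# table. The domain comes from the page; the split point and path are
# invented for illustration.
SAMPLE_BLOB = b"\x00".join([
    b"NSMutableString",
    b"initWithString:",
    b"http://swissborg.",
    b"blog/zxcv/bnm",
    b"/bin/zsh",
    b"-c",
    b"https://example.invalid/update",
    b"stringByAppendingString:",
])


def extract_strings(blob: bytes) -> list[str]:
    """Return printable ASCII runs in file order (order matters: the
    fragments of a split URL are usually stored next to each other)."""
    return [m.group().decode("ascii") for m in PRINTABLE_RE.finditer(blob)]


def find_url_candidates(strings: list[str]) -> list[tuple[str, str]]:
    """Find URLs stored whole and URLs recoverable by joining two
    neighbouring strings. Returns (url, how) pairs, where how is
    'whole' or 'joined'."""
    hits: set[tuple[str, str]] = set()

    # Pass 1: the naive check a static signature would perform.
    for s in strings:
        if URL_RE.match(s):
            hits.add((s, "whole"))

    # Pass 2: reassemble adjacent fragments. Only report a join when
    # neither half is a complete URL on its own, so pass 1 hits are not
    # duplicated with a spurious trailing string glued on.
    for left, right in zip(strings, strings[1:]):
        if URL_RE.match(left) or URL_RE.match(right):
            continue
        joined = left + right
        if URL_RE.match(joined):
            hits.add((joined, "joined"))

    return sorted(hits)


if __name__ == "__main__":
    for url, how in find_url_candidates(extract_strings(SAMPLE_BLOB)):
        print(f"{how:6} {url}")
```

Run against a real Mach-O, the blob would come from the `__TEXT,__cstring` section (for example via `otool -s __TEXT __cstring` or a Mach-O parser); the join pass generalises to a sliding window of three or more strings if an author splits further, at the cost of more false positives, so in practice the candidates should be confirmed against network telemetry or a debugger breakpoint on the string-building call.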

This development follows closely on the Lazarus Group’s deployment of a new malware dubbed “Kandykorn” against a cryptocurrency exchange. That intrusion used a five-stage delivery chain, including reflective loading, to place the Kandykorn payload in memory.

BlueNoroff, as a threat actor, has a specific focus on targeting cryptocurrencies, crypto startups, and financial institutions such as banks.

Similarities to RustBucket Campaign

Jamf Threat Labs notes that the newly discovered malware, which appears to be a later-stage payload, shares traits with BlueNoroff’s RustBucket campaign. That campaign, identified in April of this year, targets macOS devices; the attackers approach victims posing as investors or headhunters offering partnership opportunities.

In the RustBucket campaign, BlueNoroff registered a domain that mimicked a legitimate cryptocurrency company so that its traffic would blend in with normal network activity. Jamf’s researchers found the new malware by hunting for the same pattern of lookalike infrastructure.

The new macOS malware communicates with several URLs under a single domain, as Jamf highlights. It is written in Objective-C and functions as a basic remote shell, executing shell commands sent from the attacker’s server.

Jamf assesses that the operators most likely use it as a later-stage tool to run commands by hand after an initial compromise. The researchers also stress that the new malware is “very different” from the RustBucket malware itself.

Nonetheless, in both cases the attacker’s primary objective appears to be the same: a basic remote shell on the victim’s machine.

Although the malware is relatively simple, it is fully functional and sufficient for the attackers’ goals, the report notes. Jamf has named the new detection “ObjCShellz” and treats it as part of the RustBucket campaign.

Based on BlueNoroff’s previous attacks, the researchers suspect this sample is a later stage of a multi-stage delivery chain that likely begins with social engineering.
