
Jamf Spots New MacOS Crypto Malware Attributed to North Korea’s Lazarus BlueNoroff Group

The infamous hacking group known as BlueNoroff, which has connections to North Korea’s Lazarus, has introduced a new MacOS malware designed to target financial institutions.

This discovery was made by researchers at Jamf, a company specializing in Apple device management. The cybercriminals responsible for this attack have been concealing their activities behind the facade of a seemingly legitimate cryptocurrency exchange.

As detailed in a report published by Jamf on Tuesday, the malicious payload communicates with a domain called swissborg[.]blog, which is under the control of the attackers. The individuals behind this attack registered the domain on May 31 and hosted it on an IP address that is part of the infrastructure associated with BlueNoroff.

According to the report, the malware employs a technique where it divides the command and control (C2) URL into two separate strings, which are then combined. This tactic appears to be an effort to avoid detection methods that rely on static analysis.
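The split-string trick described above defeats scanners that look for the whole C2 host as one literal. The following example, added here and not code from Jamf or the report, shows a naive string-watchlist scan missing the indicator and a reassembly pass that concatenates neighbouring string constants before matching; the string table is constructed, and the only real indicator is the defanged domain from the report.

```python
"""Naive watchlist scan vs. reassembly of split string constants.
Added example for this article; not Jamf's tooling. SAMPLE_STRINGS is a
constructed stand-in for what `strings` would extract from a binary."""
from typing import List, Tuple

# Indicator kept in defanged form, exactly as the report prints it.
WATCHLIST_DEFANGED = ["swissborg[.]blog"]

# Constructed string table: the C2 host is split over two neighbouring entries,
# mirroring the "divide the URL into two strings, then combine" technique.
SAMPLE_STRINGS = [
    "NSString", "/bin/zsh", "-c", "https://swissborg", ".blog",
    "NSURLSession", "Error",
]


def refang(indicator: str) -> str:
    """Turn 'example[.]com' / 'hxxp://' notation back into matchable form."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")


def naive_scan(strings: List[str], watchlist: List[str]) -> List[str]:
    """Whole-literal match only: returns indicators found inside a single string."""
    targets = [refang(w) for w in watchlist]
    return sorted({t for s in strings for t in targets if t in s})


def reassembly_scan(strings: List[str], watchlist: List[str],
                    max_parts: int = 2) -> List[Tuple[str, str, int]]:
    """Join windows of 2..max_parts consecutive strings before matching.

    Returns (indicator, reassembled_text, start_index) for hits that appear
    only after concatenation, i.e. those the naive scan would have missed.
    """
    targets = [refang(w) for w in watchlist]
    hits = []
    for n in range(2, max_parts + 1):
        for i in range(len(strings) - n + 1):
            window = strings[i:i + n]
            joined = "".join(window)
            for t in targets:
                if t in joined and not any(t in part for part in window):
                    hits.append((t, joined, i))
    return hits


if __name__ == "__main__":
    print("naive:", naive_scan(SAMPLE_STRINGS, WATCHLIST_DEFANGED))
    print("reassembled:", reassembly_scan(SAMPLE_STRINGS, WATCHLIST_DEFANGED))
```

Adjacency in the string table is a heuristic: a compiler or the author may place the halves far apart, so dynamic analysis of the actual network connection remains the more reliable check.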

This development follows closely on the heels of the notorious Lazarus Group’s deployment of a new malware referred to as “Kandykorn” to target a cryptocurrency exchange. The Lazarus Group utilized a complex 5-stage process, including reflective loading, to deploy the advanced Kandykorn malware.

BlueNoroff, as a threat actor, has a specific focus on targeting cryptocurrencies, crypto startups, and financial institutions such as banks.

Similarities to RustBucket Campaign

Jamf Threat Labs has observed that the recently discovered malware, which appears to be a later-stage payload, exhibits similarities to BlueNoroff’s RustBucket campaign. That campaign, identified in April of this year, is aimed at compromising macOS devices. The attackers approach their targets by posing as investors or headhunters, offering enticing partnership opportunities.

In the RustBucket campaign, BlueNoroff established a domain that mimicked the appearance of a legitimate cryptocurrency company. The intention behind this was to blend in with network activity and avoid detection. The Jamf research team used a similar methodology to uncover the new malware.

This new MacOS cryptocurrency malware communicates with several URLs under a single domain, as highlighted by Jamf. The malware is written in Objective-C and functions as a basic remote shell that executes shell commands sent from the attacker’s server.

It appears that the perpetrators of this malware likely use it in a later stage to manually execute commands after successfully compromising a system, according to experts. However, it’s important to note that this new malware is described as “very different” from the previously mentioned RustBucket malware.

Nonetheless, the experts point out that the attacker’s primary objective in both cases seems to be providing a basic remote shell capability.

Although the malware may appear relatively simple, it remains highly functional, assisting attackers in achieving their goals, as outlined in the report. The Jamf research team has given this new detection the name “ObjCShellz,” considering it part of the RustBucket campaign.

They suspect that, based on previous attacks conducted by BlueNoroff, this malware represents a later stage within a multi-stage malware delivery process, likely involving social engineering tactics.
