Cybersecurity researchers from Jamf has discovered a new macOS malware designed and distributed by the North Korean threat actor BlueNoroff.
ObjCShellz looks to execute shell commands sent from the attacker’s server, on compromised endpoints.
While Jamf couldn’t uncover how the malware was being distributed, it says that the campaign “greatly aligns” with a previous campaign called Rustbucket.
Part of Lazarus
“In this campaign, the actor reaches out to a target claiming to be interested in partnering with or offering them something beneficial under the guise of an investor or head hunter,” the researchers explained. “BlueNoroff often creates a domain that looks like it belongs to a legitimate crypto company in order to blend in with network activity.”
Jamf describes BlueNoroff as a “financially motivated hacking group” known for targeting crypto exchanges, financial organizations, and banks, all over the world.
Earlier reports also describe the group as a department within the Lazarus Group, a North Korean state-sponsored threat actor blamed for some of the biggest crypto heists in history.
Allegedly, Lazarus is part of the Reconnaissance General Bureau (RGB), the main intelligence agency of North Korea.
The researchers described ObjCShellz as a “fairly simple” but very functional malware that gets the job done. “This seems to be a theme with the latest malware we’ve seen coming from this APT group,” Jamf said.
“Based on previous attacks performed by BlueNoroff, we suspect that this malware was a late stage within a multi-stage malware delivered via social engineering.”
The last time we heard of BlueNoroff was in early July this year, when cybersecurity researchers from Elastic Security Labs found a new version of Rustbucket, targeting macOS endpoints.
The new version was said to be more persistent and harder to detect.
Via: BleepingComputer
More from TechRadar Pro
Services Marketplace – Listings, Bookings & Reviews