North Korean state hackers have debuted a fresh Mac malware targeting users in the US and Japan, which researchers characterize as “dumbed down” but effective.
An arm of the DPRK’s notorious Lazarus Group, BlueNoroff has been known to raise money for the Kim regime by targeting financial institutions — banks, venture capital firms, cryptocurrency exchanges and startups — and the individuals who use them.
Since earlier this year, researchers from Jamf Threat Labs have been tracking a BlueNoroff campaign they call “RustBucket,” targeting MacOS systems. In a blog published on Tuesday, they revealed a new malicious domain mimicking a crypto exchange, and a rudimentary reverse shell called “ObjCShellz,” which the group is using to compromise new targets.