“Researchers Discover BlueNoroff RustBucket Malware Variant Targeting MacOS” – A recent report from Jamf Threat Labs sheds light on the ongoing evolution of this attack and its potential targets.
“RustBucket, a Mac-targeting malware, is attributed to North Korean APT group BlueNoroff, a sub-group of Lazarus Group.”
Apple security experts at Jamf Threat Labs disclosed a new macOS malware variant believed to be linked to BlueNoroff, akin to RustBucket. The “latest stage” typically involves post-infection activities like data evasion, infection consolidation, and network lateral movement.
New Variant of BlueNoroff Malware
Jamf reports that BlueNoroff frequently adopts the persona of an investor or corporate headhunter when targeting potential victims. Additionally, the threat actors commonly establish domains resembling those of legitimate cryptocurrency companies to camouflage their network activities.
The detection of this new RustBucket-like variant occurred when Jamf researchers identified a macOS universal binary communicating with a domain previously labeled as malicious.
RustBucket places its targets at risk through tactics like deceptive emails, harmful websites, and automated downloads. Once a device is compromised, the malware communicates with command and control (C2) servers for the execution of diverse tasks. Particularly challenging is its ability to evade detection by the antivirus engines aggregated on VirusTotal, as demonstrated by the new variant.
Mac users could encounter significant issues with RustBucket and its kindred variants. Nonetheless, there are measures to safeguard your system:
- Exercise caution with email attachments, especially from unknown senders, as malware can be concealed in infected files.
- Keep your macOS up to date with the latest security patches to address known vulnerabilities.
- Install trustworthy antivirus software on your Mac to detect and block malicious websites, providing an additional layer of protection against threats like RustBucket.
Furthermore, BlueNoroff’s targets encompass a wide range of industries, including energy, telecommunications, and construction. Their attacks are designed to pilfer sensitive data, surveil communications, and disrupt systems.
Additionally, BlueNoroff has gained notoriety for targeting government bodies and political entities. Their objectives involve monitoring, infiltrating sensitive information, and impeding the functioning of these organizations’ systems.