ObjCShellz - a North Korean tool for remote access to macOS

Much about the previously unknown malware remains undisclosed.

Jamf Threat Labs, the research arm of the Apple device-management vendor Jamf, has identified a new piece of malware attributed to the financially motivated North Korean state-sponsored group BlueNoroff (also tracked as APT38). The group is known for its attacks on banks, cryptocurrency exchanges and venture capital firms.

The malware, written in Objective-C, functions as a simple remote shell: it receives commands from the attackers' server, executes them on the infected macOS device and returns the output, giving the operator remote control of the system. At the time of discovery it was not being flagged by existing antivirus solutions.

The discovery was made after suspicious traffic was observed between the executable and a malicious domain that visually imitated the legitimate cryptocurrency exchange swissborg.com. This fits BlueNoroff's well-documented practice of registering lookalike domains to disguise its phishing and command-and-control infrastructure.
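The lookalike-domain tactic above is something a defender can check for in DNS query logs. The script below is an added example, not code from Jamf Threat Labs or from the malware itself: it flags queried hostnames that imitate a protected brand domain (the brand name under a different TLD, the brand embedded in a longer label, a one-character typo, or the brand used as a subdomain of an unrelated domain). The protected-brand list, the log format and every hostname in SAMPLE_LOG are constructed for illustration; none of the flagged names is the actual command-and-control domain from the report.

```python
# Lookalike-domain check for DNS query logs.
# Added example for this write-up, not Jamf's or the malware's code.
# PROTECTED, the log line format and all hostnames in SAMPLE_LOG are
# constructed; the flagged names are made up and are not the real C2 domain.
import re

# Legitimate domain named in the write-up; extend with your own brands.
PROTECTED = ["swissborg.com"]

# Constructed query log: one "qname=" field per line, as a resolver might emit.
SAMPLE_LOG = """
2023-11-07T09:12:01Z client=10.0.0.12 qname=swissborg.com qtype=A
2023-11-07T09:12:03Z client=10.0.0.12 qname=api.swissborg.com qtype=A
2023-11-07T09:12:09Z client=10.0.0.12 qname=github.com qtype=A
2023-11-07T09:13:40Z client=10.0.0.31 qname=swissborg.xyz qtype=A
2023-11-07T09:14:02Z client=10.0.0.31 qname=swissborg-login.com qtype=A
2023-11-07T09:14:15Z client=10.0.0.31 qname=swlssborg.com qtype=A
2023-11-07T09:15:00Z client=10.0.0.44 qname=swissborg.com.cdn-update.net qtype=A
2023-11-07T09:15:21Z client=10.0.0.44 qname=swissborg.evil.net qtype=A
""".strip().splitlines()

QNAME_RE = re.compile(r"qname=(\S+)")


def levenshtein(a, b):
    """Edit distance between two strings (insert/delete/substitute cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host):
    """Return a reason string if host imitates a protected brand, else None.

    Assumption: the registrable domain is the last two labels. Real deployments
    should use the Public Suffix List so names like example.co.uk split correctly.
    """
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return None
    sub, sld, tld = ".".join(labels[:-2]), labels[-2], labels[-1]
    for brand in PROTECTED:
        b_sld, b_tld = brand.split(".")
        if sld == b_sld and tld == b_tld:
            return None  # the legitimate domain or one of its subdomains
        if sld == b_sld:
            return f"brand '{b_sld}' registered under a different TLD .{tld}"
        if b_sld in sld:
            return f"brand '{b_sld}' embedded in label '{sld}'"
        if levenshtein(sld, b_sld) <= 1:
            return f"'{sld}' is within edit distance 1 of '{b_sld}'"
        if ("." + brand + ".") in ("." + sub + "."):
            return f"brand domain '{brand}' used as a subdomain of {sld}.{tld}"
        if b_sld in sub.split("."):
            return f"brand label '{b_sld}' used as a subdomain of {sld}.{tld}"
    return None


def scan(lines):
    """Return [(qname, reason)] for every log line whose qname looks suspicious."""
    hits = []
    for line in lines:
        m = QNAME_RE.search(line)
        if not m:
            continue
        reason = classify(m.group(1))
        if reason:
            hits.append((m.group(1), reason))
    return hits


if __name__ == "__main__":
    for qname, reason in scan(SAMPLE_LOG):
        print(f"{qname}: {reason}")
```

The checks are deliberately ordered from most to least specific so that the exact legitimate domain short-circuits before any fuzzy rule runs; when extending PROTECTED with short brand names, raise the edit-distance threshold with care, since a distance of 1 on a five-letter label produces many false positives.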

Jamf Threat Labs named the malware ObjCShellz and tied it to the RustBucket campaign. Although it looks different from the tooling the group has used in the past, the attackers' goals are unchanged: gain remote access to targeted systems, control them, and carry out fraudulent financial operations.