“Lazarus Subgroup Strikes Again: New RustBucket Malware Threatens Apple 

Cybercrime | Latest Cyber News

Reading Time: ( Word Count: )

0 Comment(s)
April 25, 2023
Nextdoorsec-course

Devices “RustBucket is a brand-new kind of malware for Apple macOS that is thought to have been created by a North Korean hacker with monetary objectives. The malware communicates with command and control servers and downloads various payloads. The virus was traced to the BlueNoroff gang, a subset of the more comprehensive Lazarus group called by several other names, notably APT28 and Sapphire Sleet, according to the Apple device administration business Jamf Threat Labs

RustBucket and BlueNoroff are linked because of strategic and operational similarities to an initial attack attacking Japanese financial institutions that Kaspersky disclosed at the end of 2022. As a component of a hacking group known as CryptoCore, BlueNoroff is notorious for complex malware-enabled thefts focusing on the SWIFT network and digital currency exchanges.

Read Also: “New EvilExtractor Malware: The All-in-One Stealer Making Waves on the Dark Web”

New RustBucket Malware Threatens Apple

Jamf researchers found that RustBucket is disguised as an “Internal PDF Viewer” application. Nevertheless, it is an AppleScript program to get an additional payload from a distant server. This load, also known as RustBucket, is a simple Objective-C program that only starts the subsequent stage of the assault chain once a booby-trapped PDF document is accessed using the program. The PDF file used as a key to execute the malicious code is a nine-page document purporting to offer an “investment strategy.”

It must be clear how initial access is obtained or whether the attacks succeeded. However, the results demonstrate how attackers modify their toolkits to support multi-platform viruses in languages such as Go and Rust. The Lazarus Corporation is currently implicated in an escalating supply chain assault that infiltrated 3CX and contaminated its Windows and macOS programs via trojanized drivers of the legal program X_TRADER. 

The Reconnaissance General Bureau (RGB), North Korea’s leading intelligence-gathering organization, is home to several funded by the state and illegal hacking outfits collectively known as the Lazarus Project. Another equally active category is Kimsuky, which focuses on South Korean and US-based companies and people specializing in defense and security, especially nuclear security and non-proliferation regulations, who serve the state, military, production, educational, and policy-making sectors. 

Saher

Saher

Author

Saher is a cybersecurity researcher with a passion for innovative technology and AI. She explores the intersection of AI and cybersecurity to stay ahead of evolving threats.

Other interesting articles

Top AI Cybersecurity Companies to Consider in 2023

Top AI Cybersecurity Companies to Consider in 2023

Cyber Security
Artificial intelligence (AI) has appeared as a powerful tool in cybersecurity. As the rate and sophistication of ...
60 Chat GPT Prompts for Cyber Security by Experts

60 Chat GPT Prompts for Cyber Security by Experts

Cyber Security
Chat GPT, powered by advanced natural language processing and artificial intelligence techniques, has emerged as a ...
Penetration Testing vs. Security Testing: Unraveling the Differences

Penetration Testing vs. Security Testing: Unraveling the Differences

Cyber Security
In today's increasingly interconnected world, ensuring the security of digital systems and networks is paramount. ...
Internal vs. External Penetration Testing: Making the Right Choice

Internal vs. External Penetration Testing: Making the Right Choice

Cyber Security
Penetration testing, often called pen testing, is crucial to ensuring the security and resilience of computer ...
0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *