Devices “RustBucket is a brand-new kind of malware for Apple macOS that is thought to have been created by a North Korean hacker with monetary objectives. The malware communicates with command and control servers and downloads various payloads. The virus was traced to the BlueNoroff gang, a subset of the more comprehensive Lazarus group called by several other names, notably APT28 and Sapphire Sleet, according to the Apple device administration business Jamf Threat Labs. 

RustBucket and BlueNoroff are linked because of strategic and operational similarities to an initial attack attacking Japanese financial institutions that Kaspersky disclosed at the end of 2022. As a component of a hacking group known as CryptoCore, BlueNoroff is notorious for complex malware-enabled thefts focusing on the SWIFT network and digital currency exchanges.

Read Also: “New EvilExtractor Malware: The All-in-One Stealer Making Waves on the Dark Web”

Jamf researchers found that RustBucket is disguised as an “Internal PDF Viewer” application. Nevertheless, it is an AppleScript program to get an additional payload from a distant server. This load, also known as RustBucket, is a simple Objective-C program that only starts the subsequent stage of the assault chain once a booby-trapped PDF document is accessed using the program. The PDF file used as a key to execute the malicious code is a nine-page document purporting to offer an “investment strategy.”

It must be clear how initial access is obtained or whether the attacks succeeded. However, the results demonstrate how attackers modify their toolkits to support multi-platform viruses in languages such as Go and Rust. The Lazarus Corporation is currently implicated in an escalating supply chain assault that infiltrated 3CX and contaminated its Windows and macOS programs via trojanized drivers of the legal program X_TRADER. 

The Reconnaissance General Bureau (RGB), North Korea’s leading intelligence-gathering organization, is home to several funded by the state and illegal hacking outfits collectively known as the Lazarus Project. Another equally active category is Kimsuky, which focuses on South Korean and US-based companies and people specializing in defense and security, especially nuclear security and non-proliferation regulations, who serve the state, military, production, educational, and policy-making sectors.