Lazarus Subgroup Strikes Again: New RustBucket Malware Threatens Apple Devices

April 25, 2023
Nextdoorsec-course

RustBucket is a new family of malware for Apple macOS, believed to have been created by a financially motivated North Korean threat actor. The malware communicates with command-and-control servers and downloads further payloads. According to Apple device management company Jamf Threat Labs, the malware has been attributed to the BlueNoroff gang, a subset of the broader Lazarus group that is tracked under several other names, notably APT28 and Sapphire Sleet.

RustBucket and BlueNoroff are linked because of strategic and operational similarities to an earlier attack on Japanese financial institutions that Kaspersky disclosed at the end of 2022. As part of a hacking cluster known as CryptoCore, BlueNoroff is notorious for sophisticated malware-enabled thefts targeting the SWIFT network and cryptocurrency exchanges.


New RustBucket Malware Threatens Apple

Jamf researchers found that RustBucket is disguised as an “Internal PDF Viewer” application. In reality it is an AppleScript application that fetches an additional payload from a remote server. That payload, also called RustBucket, is a simple Objective-C program that only starts the next stage of the attack chain once a booby-trapped PDF document is opened with the application. The PDF file that acts as the key to execute the malicious code is a nine-page document purporting to offer an “investment strategy.”
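The masquerade described above, a bundle named like a document viewer that is really an AppleScript applet, suggests a simple triage heuristic for defenders. The following Python script is an added example, not Jamf's detection logic or code from the original post; it assumes that applets exported from Script Editor carry Contents/MacOS/applet and Contents/Resources/Scripts/main.scpt, and it builds its own constructed sample bundles in a temporary directory so it runs offline.

```python
# Added illustration, not Jamf's tooling. Heuristic assumption: an app
# exported from Script Editor ships Contents/MacOS/applet and
# Contents/Resources/Scripts/main.scpt, which a genuine PDF viewer lacks.
import plistlib
import tempfile
from pathlib import Path

VIEWER_WORDS = ("pdf", "viewer", "reader", "document")

def is_applescript_applet(app: Path) -> bool:
    """True when the main executable is the AppleScript 'applet' runtime
    or the bundle carries a compiled main.scpt."""
    info = app / "Contents" / "Info.plist"
    if not info.is_file():
        return False
    with info.open("rb") as fh:
        exe = str(plistlib.load(fh).get("CFBundleExecutable", "")).lower()
    scpt = app / "Contents" / "Resources" / "Scripts" / "main.scpt"
    return exe == "applet" or scpt.is_file()

def looks_like_viewer(app: Path) -> bool:
    """Name-based check: does the bundle present itself as a doc viewer?"""
    return any(w in app.stem.lower() for w in VIEWER_WORDS)

def triage(root: Path) -> list[str]:
    """Bundles under root that claim to be a viewer but are really
    AppleScript applets: candidates for analyst review, not verdicts."""
    return sorted(a.name for a in root.rglob("*.app")
                  if looks_like_viewer(a) and is_applescript_applet(a))

def make_sample_bundle(root: Path, name: str, executable: str, scpt: bool):
    """Constructed fixture: writes a minimal bundle layout to disk."""
    app = root / f"{name}.app"
    (app / "Contents" / "MacOS").mkdir(parents=True)
    with (app / "Contents" / "Info.plist").open("wb") as fh:
        plistlib.dump({"CFBundleExecutable": executable}, fh)
    if scpt:
        scripts = app / "Contents" / "Resources" / "Scripts"
        scripts.mkdir(parents=True)
        (scripts / "main.scpt").write_bytes(b"constructed placeholder")

def demo() -> list[str]:
    """Triage three constructed bundles in a temp dir; only the fake viewer
    built as an applet should be flagged."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        make_sample_bundle(root, "Internal PDF Viewer", "applet", True)
        make_sample_bundle(root, "Preview", "Preview", False)
        make_sample_bundle(root, "Notes Helper", "applet", True)
        return triage(root)  # ['Internal PDF Viewer.app']
```

Calling `triage(Path("/Applications"))` on a real host lists candidates for a closer look; the name heuristic is deliberately loose, so treat hits as leads rather than verdicts.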

It is not yet clear how initial access is obtained or whether the attacks succeeded. The findings nonetheless show how attackers adapt their toolkits to support cross-platform malware written in languages such as Go and Rust. The Lazarus Group is also currently implicated in a cascading supply chain attack that compromised 3CX and tainted its Windows and macOS applications via trojanized versions of the legitimate X_TRADER software.

The Reconnaissance General Bureau (RGB), North Korea's main intelligence agency, houses several state-sponsored criminal hacking outfits collectively known as the Lazarus Group. Another equally active cluster is Kimsuky, which focuses on South Korean and US-based organizations and individuals specializing in defense and security, particularly nuclear security and non-proliferation policy, across the government, military, manufacturing, academic, and policy-making sectors.

Saher Amari


Author

Saher is a cybersecurity researcher with a passion for innovative technology and AI. She explores the intersection of AI and cybersecurity to stay ahead of evolving threats.
