Lazarus Subgroup Strikes Again: New RustBucket Malware Threatens Apple 

Reading Time: ( Word Count: )

April 25, 2023
Nextdoorsec-course

Devices “RustBucket is a brand-new kind of malware for Apple macOS that is thought to have been created by a North Korean hacker with monetary objectives. The malware communicates with command and control servers and downloads various payloads. The virus was traced to the BlueNoroff gang, a subset of the more comprehensive Lazarus group called by several other names, notably APT28 and Sapphire Sleet, according to the Apple device administration business Jamf Threat Labs

RustBucket and BlueNoroff are linked because of strategic and operational similarities to an initial attack attacking Japanese financial institutions that Kaspersky disclosed at the end of 2022. As a component of a hacking group known as CryptoCore, BlueNoroff is notorious for complex malware-enabled thefts focusing on the SWIFT network and digital currency exchanges.

Read Also: “New EvilExtractor Malware: The All-in-One Stealer Making Waves on the Dark Web”

New RustBucket Malware Threatens Apple

Jamf researchers found that RustBucket is disguised as an “Internal PDF Viewer” application. Nevertheless, it is an AppleScript program to get an additional payload from a distant server. This load, also known as RustBucket, is a simple Objective-C program that only starts the subsequent stage of the assault chain once a booby-trapped PDF document is accessed using the program. The PDF file used as a key to execute the malicious code is a nine-page document purporting to offer an “investment strategy.”

It must be clear how initial access is obtained or whether the attacks succeeded. However, the results demonstrate how attackers modify their toolkits to support multi-platform viruses in languages such as Go and Rust. The Lazarus Corporation is currently implicated in an escalating supply chain assault that infiltrated 3CX and contaminated its Windows and macOS programs via trojanized drivers of the legal program X_TRADER. 

The Reconnaissance General Bureau (RGB), North Korea’s leading intelligence-gathering organization, is home to several funded by the state and illegal hacking outfits collectively known as the Lazarus Project. Another equally active category is Kimsuky, which focuses on South Korean and US-based companies and people specializing in defense and security, especially nuclear security and non-proliferation regulations, who serve the state, military, production, educational, and policy-making sectors. 

Saher Mahmood

Saher Mahmood

Author

Saher is a cybersecurity researcher with a passion for innovative technology and AI. She explores the intersection of AI and cybersecurity to stay ahead of evolving threats.

Other interesting articles

Automated vs Manual Penetration Testing

Automated vs Manual Penetration Testing

Pentesting is largely divided into two methodologies: Automated vs Manual Penetration Testing. Both have ...
8 Steps in Penetration Testing You Should Know

8 Steps in Penetration Testing You Should Know

Mastering the art of penetration testing has become a critical ability for security experts to combat cyber ...
Spear Phishing vs Whaling: What is the Difference

Spear Phishing vs Whaling: What is the Difference

Spear phishing is a particularly devious type of phishing assault in which the individual targeted plays a ...
How Often Should Penetration Testing Be Done

How Often Should Penetration Testing Be Done

Penetration testing is a crucial technique that involves simulating a cyberattack on networks, computer systems, ...
0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *