- A North Korean hacker group has launched the RustBucket malware.
- The malware targets macOS users, posing a threat to the crypto community.
- It utilizes a compromised PDF reader to execute malicious commands.
In a concerning event for the crypto community, the North Korean hacker group Bluenoroff has unleashed a new wave of cyber threats by deploying the RustBucket malware, specifically designed to target macOS users.
Security researchers at Jamf recently released a report shedding light on this sophisticated malware, and further investigations by Sekoia.io analysts have uncovered alarming details that raise concerns for users of Apple’s macOS platform.
Bluenoroff, believed to be affiliated with RGB’s Bureau 121 and operating since at least 2015, has primarily focused on generating revenue through financially-driven campaigns. According to the report, previous targets have included crypto exchanges and venture capital entities across Europe, Asia, the United States, and the United Arab Emirates.
The report noted that Bluenoroff’s RustBucket malware leverages the power of Rust and Objective-C programming languages and operates through a multi-layered infection chain. The malware utilizes a compromised PDF reader that tricks users into unwittingly executing malicious commands.
Once a specific PDF file is opened in the backdoored reader, RustBucket establishes communication with a Command-and-Control server, allowing the hackers to control the compromised system and potentially access sensitive crypto-related information.
The researcher noted that this novel technique adds complexity to the tracking and analysis process, as identifying the fake PDF readers and obtaining the appropriate PDF file is crucial for obtaining meaningful results from sandboxes.
Notably, Coin Edition reported alarming cases of malware-related crypto fraud recently. Last week, the U.S. Department of Justice unsealed two indictments charging a Russian national with ransomware attacks against critical infrastructure.
The accused allegedly used three different ransomware variants to target victims in various sectors, including law enforcement agencies, healthcare organizations, and government agencies.