Malware Known as ObjCShellz Detected Attacking macOS Systems

The BlueNoroff APT group, based in North Korea, is associated with a new malware strain that targets macOS systems. The malware, named ObjCShellz, bears resemblances to the RustBucket malware campaign, revealed earlier this year.

Nov 9, 2023 - 05:09

A new malware variant known as ObjCShellz has been identified by cybersecurity experts, with suspected ties to the notorious BlueNoroff APT group, an outfit believed to be operating out of North Korea. This newly uncovered malware is specifically designed to infiltrate macOS systems and bears resemblances to the RustBucket malware operation exposed earlier this year.

Here's a closer look at this emerging threat:
- Jamf Threat Labs stumbled upon ObjCShellz during an investigation into a Mach-O universal binary executable that was found to be interacting with a suspicious domain, swissborg[.]blog.
- This domain resolved to an IP address with a history of use by BlueNoroff actors for hosting a variety of other questionable domains.
- ObjCShellz, as indicated by its moniker, is crafted in Objective-C and functions as a rudimentary remote shell, which executes commands on the affected systems. These directives are transmitted from a command-and-control (C2) server under the adversaries' control.
- The precise method of infiltration remains unclear, but indications suggest that the malware might be disseminated as a secondary payload, following initial compromise, likely through social engineering tactics.
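Because the one concrete indicator in this report is a C2 domain, the most immediate defensive use of it is to sweep DNS or proxy logs for hosts that resolved it or any of its subdomains. The following script is an added example written for this article, not code from Jamf Threat Labs or from the malware; it assumes a simplified, constructed DNS-query log format (`<timestamp> <client> query <qname> <qtype>`) and takes the indicator in the defanged `[.]` form that threat-intel reports use, so it has to "refang" it before matching.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Defanged indicators as they appear in threat-intel reports ("[.]" prevents
# accidental clicks). The domain below is the one named in the article; the
# log lines further down are constructed for this example.
DEFANGED_IOCS = ["swissborg[.]blog"]


def refang(indicator: str) -> str:
    """Convert a defanged indicator back into its real form for matching."""
    return indicator.replace("[.]", ".").replace("hxxp", "http").lower().rstrip(".")


def domain_matches(candidate: str, ioc_domain: str) -> bool:
    """True when candidate is the IoC domain itself or one of its subdomains.

    Matching on the leading "." boundary keeps look-alikes such as
    'notswissborg.blog' from producing a false positive.
    """
    candidate = candidate.lower().rstrip(".")
    return candidate == ioc_domain or candidate.endswith("." + ioc_domain)


# Constructed sample log in the assumed format; one host queries the C2 domain,
# a subdomain of it, and the same name in upper case with a trailing dot.
SAMPLE_LOG = """\
2023-11-08T10:01:12Z 10.0.0.14 query updates.apple.com A
2023-11-08T10:02:45Z 10.0.0.27 query swissborg.blog A
2023-11-08T10:02:46Z 10.0.0.27 query api.swissborg.blog A
2023-11-08T10:03:01Z 10.0.0.31 query notswissborg.blog A
2023-11-08T10:04:10Z 10.0.0.27 query SWISSBORG.BLOG. AAAA
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+query\s+(?P<qname>\S+)\s+(?P<qtype>\S+)$"
)


@dataclass(frozen=True)
class Hit:
    timestamp: str
    client: str
    qname: str
    ioc: str


def scan_dns_log(log_text: str, defanged_iocs: list[str] = DEFANGED_IOCS) -> list[Hit]:
    """Return every log line whose queried name matches one of the indicators."""
    iocs = [refang(i) for i in defanged_iocs]
    hits: list[Hit] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed line; skip rather than abort the sweep
        for ioc in iocs:
            if domain_matches(m["qname"], ioc):
                hits.append(Hit(m["ts"], m["client"], m["qname"], ioc))
                break
    return hits


def clients_to_triage(hits: list[Hit]) -> list[str]:
    """Distinct client addresses that contacted an indicator, for host triage."""
    return sorted({h.client for h in hits})


if __name__ == "__main__":
    found = scan_dns_log(SAMPLE_LOG)
    for h in found:
        print(f"{h.timestamp} {h.client} -> {h.qname} (matches {h.ioc})")
    print("hosts to triage:", clients_to_triage(found))
```

On the constructed log this flags three queries, all from `10.0.0.27`, and leaves the look-alike `notswissborg.blog` alone; in practice the hosts returned by `clients_to_triage` are the ones to pull for a Mach-O binary inventory and process-history review.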

The identities of the targets in the ObjCShellz campaign have not been fully determined, but the domain involved implies that the attackers may have aimed at individuals or organizations with interests in the cryptocurrency exchange realm.

This incident is part of a concerning trend, as groups with alleged ties to North Korea, such as Lazarus, are constantly refining their strategies and toolkits to intensify their assaults on macOS platforms. The Lazarus group, for example, was recently discovered deploying a macOS malware named KANDYKORN against blockchain engineers at a specific cryptocurrency exchange.

Additionally, SentinelOne researchers have highlighted that 2023 has seen a shift in the modus operandi of cybercriminals targeting Macs, raising the threat level for macOS users. In one reported case, MetaStealer malware was employed through social engineering methods to target businesses operating with macOS.

In conclusion, the emergence of ObjCShellz represents the latest threat to macOS users, with ongoing investigations by Jamf Threat Labs into its connections with the RustBucket campaign. The cybersecurity community remains vigilant, tracking the evolution and spread of such malware in the digital landscape.