Markets News Report
November 08, 2023

North Korean Hacker Group Lazarus BlueNoroff Targets Crypto Industry with macOS Malware

In Brief

Security firm Jamf has discovered a new macOS malware, deployed by North Korean hackers Lazarus BlueNoroff to target crypto exchanges.

North Korean Hacker Group Targets Crypto Industry with macOS Malware

Security researchers at Jamf have identified a new macOS malware, potentially deployed by the notorious North Korean hacker group known as Lazarus BlueNoroff.

This discovery follows recent incidents involving the KandyKorn malware, also attributed to North Korean operatives.

The BlueNoroff team has been utilizing a legitimate-looking cryptocurrency exchange blog, hosted under a domain resembling the genuine Swissborg site, to establish credibility. By splitting the command and control (C2) URL into two strings before recombining them, the malware evades detection based on static signatures.
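The effect of splitting the URL can be seen from the defender's side in the following added example, which is not Jamf's tooling or code from the original report. The indicator domain and the sample bytes are constructed placeholders, and the function names are hypothetical. A plain byte-signature scan misses the split URL, while a scan that rejoins nearby printable strings finds it.

```python
import re

# Constructed placeholder indicator; the report does not give the real C2 URL.
INDICATOR = b"https://c2.example.invalid/api"

# Constructed sample: the URL is stored as two separate NUL-terminated strings
# with unrelated bytes between them, as in a binary's string table.
SAMPLE = (b"\x00\x01__TEXT\x00https://c2.exam\x00\x07\x00"
          b"ple.invalid/api\x00NSURLSession\x00")


def printable_strings(blob, min_len=4):
    """Return runs of printable ASCII, similar to the `strings` utility."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)


def static_match(blob, indicator):
    """Classic static signature: the indicator must appear contiguously."""
    return indicator in blob


def fragment_match(blob, indicator, window=4, min_len=4):
    """Find pairs of nearby strings whose concatenation contains the indicator.

    Only pairs within `window` positions of each other are tried, in both
    orders, and a pair counts only if neither string holds the indicator
    alone. Fragments shorter than `min_len` are not seen by this check.
    """
    strs = printable_strings(blob, min_len)
    hits = []
    for i, first in enumerate(strs):
        for second in strs[i + 1:i + 1 + window]:
            for head, tail in ((first, second), (second, first)):
                if indicator in head or indicator in tail:
                    continue
                if indicator in head + tail:
                    hits.append((head.decode(), tail.decode()))
    return hits


if __name__ == "__main__":
    print("static signature hit:", static_match(SAMPLE, INDICATOR))
    print("reassembled fragments:", fragment_match(SAMPLE, INDICATOR))
```
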

Deception and Delivery from Hackers

BlueNoroff representatives, masquerading as investors or headhunters, approach their targets offering lucrative opportunities. Once they gain the target’s trust, they deliver the Trojan designed for macOS systems. Cryptocurrency platform operators should proactively review their traffic control systems for any related access records that might signal a breach.

Jamf has identified malware named ObjCShellz, believed to be a sophisticated component of the so-called RustBucket campaign. It appears to function as a late-stage tool in a complex, multi-layered attack strategy. Despite its apparent simplicity, the remote shell it provides is highly effective, allowing attackers to execute macOS commands covertly.

The C2 server was abruptly taken offline when researchers began probing for more details, a common tactic to hinder investigations. However, the server’s shutdown could also indicate that the malware has already accomplished its objectives.

Implications for the Crypto Industry

The typosquatting domain suggests a phishing campaign targeting the Swissborg cryptocurrency exchange, characteristic of BlueNoroff’s RustBucket campaign. The situation underscores the group’s ongoing efforts to innovate in cyber warfare, developing malware that went undetected by previous security measures.

While the C2 server is currently inactive, industry stakeholders should not discount the threat. To mitigate risks, users should proactively block communication with known malicious IP addresses and stay alert for any potential reactivation that could trigger dormant infections.

The relentless advancements of the Lazarus/BlueNoroff group serve as a stark reminder of the persistent and evolving nature of cyber threats. With their capabilities extending into the development of new malware, the crypto industry must remain vigilant and proactive in adopting comprehensive cybersecurity strategies to protect their assets and users.

About The Author

Nik is an accomplished analyst and writer at Metaverse Post, specializing in delivering cutting-edge insights into the fast-paced world of technology, with a particular emphasis on AI/ML, XR, VR, on-chain analytics, and blockchain development. His articles engage and inform a diverse audience, helping them stay ahead of the technological curve. Possessing a Master's degree in Economics and Management, Nik has a solid grasp of the nuances of the business world and its intersection with emergent technologies.

Nik Asti