Markets News Report
November 08, 2023

North Korean Hacker Group Lazarus BlueNoroff Targets Crypto Industry with macOS Malware

In Brief

Security firm Jamf has discovered a new macOS malware, deployed by North Korean hackers Lazarus BlueNoroff to target crypto exchanges.

North Korean Hackers Group Targets Crypto Industry with macOS Malware

Security researchers at Jamf have identified a new macOS malware, potentially deployed by the notorious North Korean hacker group known as Lazarus BlueNoroff.

This discovery follows recent incidents involving the KandyKorn malware, also attributed to North Korean operatives.

The BlueNoroff team has been utilizing a legitimate-looking cryptocurrency exchange blog, hosted under a domain resembling the genuine Swissborg site, to establish credibility. By splitting the command and control (C2) URL into two strings before recombining them, the malware evades detection based on static signatures.

Deception and Delivery from Hackers

BlueNoroff representatives, masquerading as investors or headhunters, approach their targets offering lucrative opportunities. Once they gain the target’s trust, they deliver the Trojan designed for macOS systems. Cryptocurrency platform operators should scrutinize their traffic control systems proactively to identify any related access records that might signal a breach.

Jamf has identified a malware named ObjCShellz, believed to be a sophisticated component of the so-called RustBucket Campaign, and it appears to function as a late-stage tool in a complex, multi-layered attack strategy. Despite its apparent simplicity, the remote shell it provides is highly effective, allowing attackers to execute macOS commands covertly.

The C2 server was abruptly taken offline when researchers began probing for more details, a common tactic to hinder investigations. However, the server’s shutdown could also indicate that the malware has already accomplished its objectives.

Implications for the Crypto Industry

The typosquatting domain suggests a phishing campaign targeting the Swissborg cryptocurrency exchange, characteristic of BlueNoroff’s RustBucket campaign. The situation underscores the group’s ongoing efforts to innovate in cyber warfare, developing malware undetected in previous security measures.

While the C2 server is currently inactive, industry stakeholders should not discount the threat. To mitigate risks, users should proactively block communication with known malicious IP addresses and stay alert for any potential reactivation that could trigger dormant infections.

The relentless advancements of the Lazarus/BlueNoroff group serve as a stark reminder of the persistent and evolving nature of cyber threats. With their capabilities extending into the development of new malware, the crypto industry must remain vigilant and proactive in adopting comprehensive cybersecurity strategies to protect their assets and users.

Disclaimer

In line with the Trust Project guidelines, please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. MetaversePost is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.

About The Author

Nik is an accomplished analyst and writer at Metaverse Post, specializing in delivering cutting-edge insights into the fast-paced world of technology, with a particular emphasis on AI/ML, XR, VR, on-chain analytics, and blockchain development. His articles engage and inform a diverse audience, helping them stay ahead of the technological curve. Possessing a Master's degree in Economics and Management, Nik has a solid grasp of the nuances of the business world and its intersection with emergent technologies.

More articles
Nik Asti
Nik Asti

Nik is an accomplished analyst and writer at Metaverse Post, specializing in delivering cutting-edge insights into the fast-paced world of technology, with a particular emphasis on AI/ML, XR, VR, on-chain analytics, and blockchain development. His articles engage and inform a diverse audience, helping them stay ahead of the technological curve. Possessing a Master's degree in Economics and Management, Nik has a solid grasp of the nuances of the business world and its intersection with emergent technologies.

Hot Stories
Join Our Newsletter.
Latest News

From Ripple to The Big Green DAO: How Cryptocurrency Projects Contribute to Charity

Let's explore initiatives harnessing the potential of digital currencies for charitable causes.

Know More

AlphaFold 3, Med-Gemini, and others: The Way AI Transforms Healthcare in 2024

AI manifests in various ways in healthcare, from uncovering new genetic correlations to empowering robotic surgical systems ...

Know More
Read More
Read more
Malta Embraces Crypto Future As Gate.MT CEO Highlights Next Wave Of Blockchain Evolution
News Report Technology
Malta Embraces Crypto Future As Gate.MT CEO Highlights Next Wave Of Blockchain Evolution
November 1, 2024
Binance Blockchain Week 2024 Ignites Dubai with Bold Visions for Web3, AI, and the Future of Crypto Innovation
Opinion Business Lifestyle Markets Technology
Binance Blockchain Week 2024 Ignites Dubai with Bold Visions for Web3, AI, and the Future of Crypto Innovation
November 1, 2024
Hedera Introduces Bonzo Finance Liquidity Layer To Catalyze DeFi Growth On Its Network
News Report Technology
Hedera Introduces Bonzo Finance Liquidity Layer To Catalyze DeFi Growth On Its Network
November 1, 2024
This Week in Crypto: Tokenized Treasuries, Cross-Chain Partnerships, and Bitcoin-Based DeFi Take Center Stage
Digest Business Markets Software Technology
This Week in Crypto: Tokenized Treasuries, Cross-Chain Partnerships, and Bitcoin-Based DeFi Take Center Stage
November 1, 2024