January 5, 2024 at 08:42AM
Security researchers have uncovered SpectralBlur, a new macOS backdoor linked to the North Korean malware family KandyKorn. The malware, which can manipulate files and communicate with a command-and-control server, shares similarities with KandyKorn. It is believed to be another addition to the arsenal of Lazarus, a prominent North Korean hacking group active since 2009.
SpectralBlur was first dissected by Greg Lesnewich and later analyzed by Patrick Wardle, with both arriving at similar conclusions. The backdoor shows typical backdoor capabilities: it receives commands from a command-and-control (C&C) server and communicates over sockets wrapped in RC4. SpectralBlur and KandyKorn appear to be separate malware families developed from similar requirements rather than shared code. SpectralBlur is assessed to be another tool in the arsenal of Lazarus, a North Korean hacking group that has been active for many years, and these findings should inform further security measures.