SpectralBlur: New macOS Backdoor Threat from North Korean Hackers

January 5, 2024 at 11:15AM Cybersecurity researchers have identified a new Apple macOS backdoor called SpectralBlur, attributed to North Korean threat actors. It has capabilities such as uploading/downloading files and running shell commands. The malware shares similarities with KANDYKORN, showcasing the growing focus of North Korean threat actors on macOS, particularly in cryptocurrency and blockchain …

New ‘SpectralBlur’ macOS Backdoor Linked to North Korea

January 5, 2024 at 08:42AM Security researchers have uncovered SpectralBlur, a new macOS backdoor linked to the North Korean malware family KandyKorn. The malware, with capabilities such as file manipulation and communication with the command-and-control server, shares similarities with KandyKorn. It is believed to be another addition to the arsenal of Lazarus, a prominent North …

macOS Malware Mix & Match: North Korean APTs Stir Up Fresh Attacks

November 28, 2023 at 12:43PM North Korean APT groups are using a mix of malware components from KandyKorn and RustBucket to avoid detection and continue their operations. They are targeting macOS machines to attack cryptocurrency exchanges and raise money for the Kim Jong Un regime. The groups are taking evasive steps by mixing loaders and …

N. Korean Hackers ‘Mixing’ macOS Malware Tactics to Evade Detection

November 28, 2023 at 12:06AM The Lazarus Group, a North Korean threat actor, has been observed combining elements from two separate macOS malware strains, RustBucket and KANDYKORN. They are using RustBucket droppers to deliver the KANDYKORN malware. Another macOS-specific malware called ObjCShellz has also been linked to the RustBucket campaign by cybersecurity firm SentinelOne. This …

New MacOS Malware Linked to North Korean Hackers

November 7, 2023 at 10:03AM Security firm Jamf has discovered a new macOS malware called ObjCShellz that is believed to be used by North Korean hackers to target cryptocurrency exchanges. The malware, tracked as part of the RustBucket Campaign, allows attackers to deliver macOS instructions and collect responses while remaining undetected. Although the purpose of …

‘KandyKorn’ macOS Malware Lures Crypto Engineers

November 3, 2023 at 03:00PM The Lazarus group, a North Korean APT group, has developed macOS malware called “KandyKorn” to target blockchain engineers connected to cryptocurrency exchanges. The malware has capabilities to steal data, including cryptocurrency services and applications. The group used a multistage approach involving a Python application distributed through a public Discord server. …

New macOS ‘KandyKorn’ malware targets cryptocurrency engineers

November 2, 2023 at 03:24PM The Lazarus hacking group, believed to be linked to North Korea, has been targeting blockchain engineers of a cryptocurrency exchange platform with a new macOS malware called ‘KandyKorn’. The attackers use social engineering to trick victims into downloading a malicious ZIP file disguised as a legitimate arbitrage bot. The malware, …

North Korean Hackers Targeting Crypto Experts with KANDYKORN macOS Malware

November 1, 2023 at 05:36AM State-sponsored threat actors from North Korea’s Lazarus Group have been targeting blockchain engineers of a crypto exchange platform through Discord using a new macOS malware called KANDYKORN. The attacks involve social engineering lures and a multi-stage process to deliver the malware. The Lazarus Group has previously used macOS malware in …