RustBucket: Crackers Are Targeting Macs With New Malware

2023-05-05 20:22:11

Cybersecurity researchers at Jamf revealed that a group called BlueNoroff is targeting Macs with new malware called RustBucket. According to the experts, the malicious software is able to collect system data and even determine whether it is running in a virtual environment.

In practice, RustBucket disguises itself as a simple PDF reader application. It has an icon that appears harmless, and its name is displayed as Internal PDF Viewer. However, it baits users into clicking on a fake file and then starts communicating with a command-and-control server (C&C or C2).

According to Jamf personnel, once the system is infected, the malicious software can collect information, steal sensitive data, delete or modify files, install additional files and take control of the system. Whoever is invading the machine can then use this information as they wish.

The malware used here shows that, as macOS grows in market share, attackers realize that a number of victims will be immune if their tools are not updated to include the Apple ecosystem.

The researchers said they believe BlueNoroff has close ties to Lazarus, another group suspected of spreading malware and even stealing $620 million in cryptocurrency. Both are believed to be aligned with the interests of the North Korean government.

via Security Week
