macOS and threat actors

For those on macOS, BlueNoroff (an offshoot of North Korea's Lazarus group) is using RustBucket against organizations around the world.

The malware-based attacks were discovered last December (2022), and research suggests this is the group's first time targeting macOS. BlueNoroff has been leveraging Go to develop attack tools for different platforms, a departure from more traditional languages such as C++ and Java.

The threat group is using RustBucket to deliver backdoors and execute other payloads on target systems. It is multi-phase malware, typically launched from a PDF, that reaches out to a command-and-control (C2) network. From there it downloads and installs a second-phase payload for gathering intelligence from the target system.

Something else notable about the malware is that it can be used against Windows targets as well.

Stay safe and don’t click that link!

By Ghost40
