A new malware variant targeting Apple’s macOS devices has been discovered, experts have warned.
The report comes from Greg Lesnewich, senior threat researcher at Proofpoint, who described the malware in more detail in a white paper. The malware is called SpectralBlur and is a “moderately capable” piece of code. It can upload, download or delete files, execute shell commands, and sleep and hibernate, he explained.
It was apparently designed and is being distributed by a subgroup of Lazarus, an infamous North Korean state-sponsored threat actor.
Chasing cryptocurrencies
Lesnewich made the connection through KANDYKORN (also known as SockRacket), a different malware previously identified as belonging to BlueNoroff. This group, also tracked by some researchers as TA444, is known to be a department of Lazarus. KANDYKORN is described as a remote access Trojan used to take over a compromised endpoint.
The findings led the researcher to conclude that the North Koreans are intensifying their attacks against macOS devices to compromise high-value targets. They are primarily interested in devices that belong to people in the cryptocurrency and blockchain industry.
“TA444 continues to work fast and furious with these new macOS malware families,” said Lesnewich.
Lazarus is known for targeting crypto companies, mostly so-called “bridge” projects. Each cryptocurrency has its own blockchain, and in order for multiple blockchains to interact, developers began to build “bridges.” These bridges, while typically audited by third-party security companies and independent code reviewers, are often released with serious flaws, allowing threat actors to siphon off huge amounts of money.
For example, on March 29, 2022, it was announced that Lazarus Group successfully exploited a flaw in the Ronin network and stole 173,600 Ether (ETH) and $25.5 million in coins from the Ronin cross-chain bridge. The total value of the stolen assets at the time was approximately $600 million, making it the second largest cryptocurrency theft of all time, just behind the 2021 Poly Network attack.
Via TheHackerNews