{"id":175698,"date":"2023-11-09T13:43:00","date_gmt":"2023-11-09T19:43:00","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2023\/11\/n-koreas-bluenoroff-blamed-for-hacking-macos-machines-with-objcshellz-malware"},"modified":"2023-11-09T13:43:00","modified_gmt":"2023-11-09T19:43:00","slug":"n-koreas-bluenoroff-blamed-for-hacking-macos-machines-with-objcshellz-malware","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2023\/11\/n-koreas-bluenoroff-blamed-for-hacking-macos-machines-with-objcshellz-malware","title":{"rendered":"N. Korea\u2019s BlueNoroff Blamed for Hacking macOS Machines with ObjCShellz Malware"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/n-koreas-bluenoroff-blamed-for-hacking-macos-machines-with-objcshellz-malware2.jpg\"><\/a><\/p>\n<p>The development arrives days after Elastic Security Labs disclosed the Lazarus Group\u2019s use of a new macOS malware called <a href=\"https:\/\/thehackernews.com\/2023\/11\/north-korean-hackers-tageting-crypto.html\" rel=\"noopener\" target=\"_blank\">KANDYKORN<\/a> to target blockchain engineers.<\/p>\n<p>Also linked to the threat actor is a macOS malware referred to as <a href=\"https:\/\/thehackernews.com\/2023\/04\/lazarus-subgroup-targeting-apple.html\" rel=\"noopener\" target=\"_blank\">RustBucket<\/a>, an AppleScript-based backdoor that\u2019s designed to <a href=\"https:\/\/thehackernews.com\/2023\/07\/beware-new-rustbucket-malware-variant.html\" rel=\"noopener\" target=\"_blank\">retrieve a second-stage payload<\/a> from an attacker-controlled server.<\/p>\n<p>In these attacks, prospective targets are lured under the pretext of offering them investment advice or a job, only to kick-start the infection chain by means of a decoy document.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The development arrives days after Elastic Security Labs disclosed the Lazarus Group\u2019s use of a new macOS malware called KANDYKORN to target blockchain engineers. Also linked to the threat actor is a macOS malware referred to as RustBucket, an AppleScript-based backdoor that\u2019s designed to retrieve a second-stage payload from an attacker-controlled server. In these attacks, [\u2026]<\/p>\n","protected":false},"author":513,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3818,34],"tags":[],"class_list":["post-175698","post","type-post","status-publish","format-standard","hentry","category-blockchains","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/175698","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/513"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=175698"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/175698\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=175698"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=175698"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=175698"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}