{"id":175766,"date":"2023-11-10T10:16:27","date_gmt":"2023-11-10T16:16:27","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2023\/11\/bluenoroff-hackers-backdoor-macs-with-new-objcshellz-malware"},"modified":"2023-11-10T10:16:27","modified_gmt":"2023-11-10T16:16:27","slug":"bluenoroff-hackers-backdoor-macs-with-new-objcshellz-malware","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2023\/11\/bluenoroff-hackers-backdoor-macs-with-new-objcshellz-malware","title":{"rendered":"BlueNoroff hackers backdoor Macs with new ObjCShellz malware"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/bluenoroff-hackers-backdoor-macs-with-new-objcshellz-malware3.jpg\"><\/a><\/p>\n<p>The North Korean-backed BlueNorOff threat group targets Apple customers with new macOS malware tracked as ObjCShellz that can open remote shells on compromised devices.<\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/tag\/bluenoroff\/\" target=\"_blank\">BlueNorOff<\/a> is a financially motivated hacking group known for attacking cryptocurrency exchanges and financial organizations such as venture capital firms and banks worldwide.<\/p>\n<p>The malicious payload observed by Jamf malware analysts (labeled <em>ProcessRequest<\/em>) communicates with <em>swissborg[.]blog<\/em>, an attacker-controlled domain registered on May 31 and hosted at <em>104.168.214[.]151<\/em> (an IP address that is part of BlueNorOff infrastructure).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The North Korean-backed BlueNorOff threat group targets Apple customers with new macOS malware tracked as ObjCShellz that can open remote shells on compromised devices. BlueNorOff is a financially motivated hacking group known for attacking cryptocurrency exchanges and financial organizations such as venture capital firms and banks worldwide. 
The malicious payload observed by Jamf malware analysts [\u2026]<\/p>\n","protected":false},"author":662,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1761,34,45],"tags":[],"class_list":["post-175766","post","type-post","status-publish","format-standard","hentry","category-cryptocurrencies","category-cybercrime-malcode","category-finance"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/175766","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/662"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=175766"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/175766\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=175766"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=175766"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=175766"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}