SpectralBlur: The New macOS Backdoor Linked to North Korean Threat Actors

Jan 8, 2024 | News

Cybersecurity researchers have uncovered a new macOS backdoor named SpectralBlur, which shares characteristics with a known malware family associated with North Korean threat actors.
 
According to security researcher Greg Lesnewich, SpectralBlur is a moderately capable backdoor that can perform various functions, such as uploading/downloading files, running a shell, updating its configuration, and executing commands from the command-and-control server.
 
The similarities between SpectralBlur and KANDYKORN, an advanced implant functioning as a remote access trojan, have raised concerns about the potential overlap between the two malware families. Notably, the KANDYKORN activity intersects with a campaign attributed to the Lazarus sub-group known as BlueNoroff, culminating in the deployment of a backdoor called RustBucket and a late-stage payload named ObjCShellz.


Recent observations indicate that the threat actor has been combining elements from these two infection chains, utilizing RustBucket droppers to deliver KANDYKORN. This trend suggests that North Korean threat actors are increasingly targeting macOS systems, particularly those within the cryptocurrency and blockchain industries.
 
Security researcher Patrick Wardle provided additional insights into SpectralBlur, noting that the Mach-O binary was uploaded to the VirusTotal malware scanning service from Colombia in August 2023. What makes the malware stand out are its attempts to hinder analysis and evade detection, such as calling grantpt to set up a pseudo-terminal and execute shell commands received from the C2 server.



The discovery of SpectralBlur adds to the growing list of macOS-targeting malware families, including ransomware, information stealers, remote access trojans, and nation-state-backed malware. With the increasing popularity of macOS, especially in enterprise environments, experts anticipate a surge in new macOS malware in 2024.


Source: thehackernews.com
