A new macOS backdoor from North Korean hackers, called SpectralBlur, has been discovered. The malware bears similarities to KANDYKORN, an advanced implant that functions as a remote access trojan capable of taking control of a compromised host. KANDYKORN is also associated with a backdoor named RustBucket, orchestrated by BlueNoroff (also known as TA444), and with a subsequent payload named ObjCShellz. In recent months, threat actors have been observed combining different parts of these two infection chains and using RustBucket droppers to deliver KANDYKORN. These findings are considered an indication of North Korean threat actors’ increasing interest in infiltrating macOS, particularly to target high-value entities in the cryptocurrency and blockchain sectors.