BlueNoroff hacking group infects macOS with ObjCShellz malware

February 23, 2024

The notorious North Korean threat group BlueNoroff allegedly launched a new malicious payload dubbed ObjCShellz malware to target macOS systems.

This novel malware shows how North Korean hackers constantly develop sophisticated tools to target every system, including macOS.

The ObjCShellz malware resembles a previous payload launched by North Korean hackers earlier this year.

Based on reports, the ObjCShellz malware displays notable similarities to the RustBucket malware campaign unveiled this year. During an investigation involving a Mach-O universal binary executable, a researcher first detected its presence in the wild.

Moreover, the researchers noticed that the executable communicates with a malicious domain, swissborg[.]blog, hosted on a specific IP address. Interestingly, the BlueNoroff hacking group has previously used this IP address to host various other components of their malicious operations.

As the name suggests, ObjCShellz is a malware strain coded in Objective-C. It is a straightforward remote shell payload capable of running shell commands on compromised macOS systems, and the commands it executes are issued from the attackers' command-and-control (C2) server.
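The two concrete artefacts the report gives a defender are the file format (a Mach-O universal binary) and the C2 domain (swissborg[.]blog). The following Python triage helper is an added example, not code from the researchers or the article: it parses the fat header of a universal Mach-O to list the architecture slices it ships, and it scans the file's printable strings for the reported domain. The sample binary it builds is constructed in-line for illustration and is not a real malware sample; only the fat-header layout is authentic.

```python
import re
import struct

# Real Mach-O fat-header constants (big-endian on disk).
FAT_MAGIC = 0xCAFEBABE
CPU_TYPE_X86_64 = 0x01000007
CPU_TYPE_ARM64 = 0x0100000C
CPU_NAMES = {CPU_TYPE_X86_64: "x86_64", CPU_TYPE_ARM64: "arm64"}

# Indicator taken from the report, written without the defanging brackets
# so it can be matched against raw file contents.
IOC_DOMAINS = {"swissborg.blog"}


def build_sample() -> bytes:
    """Construct a minimal two-slice universal binary for testing (not a real sample).

    Layout: fat_header (magic, nfat_arch) followed by nfat_arch fat_arch
    entries (cputype, cpusubtype, offset, size, align), then the slices.
    The slice bodies here are just padding around the IOC string.
    """
    header = struct.pack(">II", FAT_MAGIC, 2)
    payload = b"\x00" * 16 + b"swissborg.blog" + b"\x00" * 16
    arch_entries = b""
    slices = b""
    offset = 8 + 2 * 20  # header + two fat_arch records
    for cputype in (CPU_TYPE_X86_64, CPU_TYPE_ARM64):
        arch_entries += struct.pack(">IIIII", cputype, 3, offset, len(payload), 12)
        slices += payload
        offset += len(payload)
    return header + arch_entries + slices


def fat_architectures(data: bytes) -> list:
    """Return CPU names of each slice in a universal Mach-O, or [] if not fat."""
    if len(data) < 8:
        return []
    magic, nfat = struct.unpack(">II", data[:8])
    if magic != FAT_MAGIC:
        return []
    names = []
    for i in range(nfat):
        off = 8 + i * 20
        if off + 20 > len(data):
            break  # truncated header: stop rather than raise
        cputype, _sub, _offset, _size, _align = struct.unpack(">IIIII", data[off:off + 20])
        names.append(CPU_NAMES.get(cputype, hex(cputype)))
    return names


def find_ioc_domains(data: bytes) -> set:
    """Extract printable ASCII runs and return those containing a listed IOC domain."""
    hits = set()
    for run in re.findall(rb"[\x20-\x7e]{6,}", data):
        text = run.decode("ascii")
        if any(dom in text for dom in IOC_DOMAINS):
            hits.add(text)
    return hits


def triage(data: bytes) -> dict:
    """Summarise what a responder would want to know first about a suspect file."""
    return {
        "architectures": fat_architectures(data),
        "ioc_strings": sorted(find_ioc_domains(data)),
    }


if __name__ == "__main__":
    print(triage(build_sample()))
```

To use it on a real file, read the bytes with `open(path, "rb").read()` and pass them to `triage`; a non-fat (thin) Mach-O returns an empty architecture list, so an empty list does not by itself mean the file is benign.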

As of now, the vector for malware distribution remains a mystery. However, many researchers believe the actors spread this malware through social engineering campaigns.

Furthermore, the investigation showed that the attackers focus on stealing crypto-related assets, since the swissborg[.]blog domain they use points to individuals or entities interested in the cryptocurrency exchange sector.

This discovery comes as North Korea-sponsored groups like Lazarus modify their tactics and toolsets to broaden their attacks on macOS systems. Notably, the Lazarus group recently introduced a macOS malware named KANDYKORN, targeting blockchain engineers within an unspecified cryptocurrency exchange platform.

Separate researchers also reported an increase in the adoption of these new techniques by threat actors in 2023, increasing the risk for macOS users. In a related case, the most recent campaign the attackers used to target macOS is the MetaStealer malware, distributed via social engineering.

In conclusion, ObjCShellz represents the latest addition to the growing list of malware targeting macOS systems. The cybersecurity community should closely monitor this threat and its connection to the RustBucket campaign so that it can respond quickly should the activity escalate into a serious threat in the future.
