
Unveiling ObjCShellz: BlueNoroff’s Latest macOS Malware

Cybersecurity researchers have uncovered a new macOS malware strain, ObjCShellz, attributing it to the North Korea-linked nation-state group known as BlueNoroff. This threat actor has been connected to five ransomware-as-a-service (RaaS) programs over the past four years, showcasing a broad and impactful cybercriminal history.


ObjCShellz and RustBucket Malware Campaign

ObjCShellz has been identified as a component of the RustBucket malware campaign, which gained attention earlier this year. Jamf Threat Labs, responsible for disclosing details about ObjCShellz, shed light on its use as part of this sophisticated malware campaign orchestrated by BlueNoroff.

Operating under various aliases such as APT38, Nickel Gladstone, Sapphire Sleet, Stardust Chollima, and TA444, BlueNoroff is a subgroup of the infamous Lazarus Group. With a focus on financial crimes, especially targeting banks and the crypto sector, BlueNoroff aims to circumvent sanctions and generate illicit profits for the North Korean regime.

ObjCShellz: A Simple Yet Potent Remote Shell

ObjCShellz, coded in Objective-C, functions as a remote shell capable of executing commands sent from the attacker’s server. Despite its apparent simplicity, this malware serves as a late-stage component within a multi-stage attack, often delivered through social engineering tactics.

While the exact targets of ObjCShellz remain undisclosed, the malware’s functionalities suggest a probable focus on companies within the cryptocurrency industry or closely associated sectors. BlueNoroff’s intricate campaigns typically lure victims with promises of investment advice or job opportunities before initiating the infection chain with a decoy document.

The Collaborative Landscape of North Korea-Sponsored Groups

The disclosure of ObjCShellz follows recent revelations of the Lazarus Group’s use of another macOS malware, KANDYKORN, targeting blockchain engineers. The interconnected nature of North Korea-sponsored groups, sharing tools and tactics, indicates a collaborative and evolving approach among them.

In response to North Korea’s escalating cyber activities, the U.S., South Korea, and Japan have established a trilateral high-level cyber consultative group. The primary objective is to counter cyber activities that serve as a significant funding source for North Korea’s weapons development.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
