Beware: New 'Rustbucket' Malware Variant Targeting macOS Users
Researchers have pulled back the curtain on an updated version of an Apple macOS malware called Rustbucket that comes with improved capabilities to establish persistence and avoid detection by security software.
"This variant of Rustbucket, a malware family that targets macOS systems, adds persistence capabilities not previously observed," Elastic Security Labs researchers said in a report published this week, adding it's "Leveraging a dynamic network infrastructure methodology for command-and-control."
The malware came to light in April 2023, when Jamf Threat Labs described it as an AppleScript-based backdoor capable of retrieving a second-stage payload from a remote server.
It's the first instance of BlueNoroff malware specifically targeting macOS users, although a .NET version of RustBucket has since surfaced in the wild with a similar set of features.
"This recent Bluenoroff activity illustrates how intrusion sets turn to cross-platform language in their malware development efforts, further expanding their capabilities highly likely to broaden their victimology," French cybersecurity company Sekoia said in an analysis of the RustBucket campaign in late May 2023.
"In the case of this updated RUSTBUCKET sample, it establishes its own persistence by adding a plist file at the path /Users//Library/LaunchAgents/com.apple.systemupdate.plist, and it copies the malware's binary to the following path /Users//Library/Metadata/System Update," the researchers said.
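The persistence described above leaves two checkable artifacts: a per-user LaunchAgent plist with an Apple-style label, and a program path under ~/Library/Metadata. The following added example (not code from the report or from Elastic) parses a constructed plist that mimics those paths and returns the reasons it looks suspicious; the username "user", the heuristics, and the benign comparison plist are assumptions.

```python
import plistlib
from pathlib import PurePosixPath

# Constructed sample mimicking the reported RustBucket LaunchAgent
# (the username "user" is a placeholder, not a value from the report).
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>Label</key><string>com.apple.systemupdate</string>
    <key>ProgramArguments</key>
    <array><string>/Users/user/Library/Metadata/System Update</string></array>
    <key>RunAtLoad</key><true/>
    <key>KeepAlive</key><true/>
</dict>
</plist>
"""

# Constructed benign agent for comparison (assumed vendor-style layout).
BENIGN_PLIST = b"""<plist version="1.0"><dict>
<key>Label</key><string>com.example.sync</string>
<key>Program</key><string>/Applications/Sync.app/Contents/MacOS/sync</string>
<key>RunAtLoad</key><true/>
</dict></plist>
"""

def launch_agent_findings(plist_bytes, plist_path):
    """Return the reasons a per-user LaunchAgent looks suspicious.

    Heuristics are assumptions, not from the report: Apple does not install
    com.apple.* agents under a user's ~/Library/LaunchAgents, and
    ~/Library/Metadata is not a normal location for a launched program.
    """
    findings = []
    data = plistlib.loads(plist_bytes)
    parts = PurePosixPath(plist_path).parts
    # /Users/<name>/Library/LaunchAgents/<file>.plist
    in_user_agents = len(parts) > 5 and parts[1] == "Users" \
        and parts[3:5] == ("Library", "LaunchAgents")
    label = data.get("Label", "")
    if in_user_agents and label.startswith("com.apple."):
        findings.append(f"Apple-style label {label!r} in a per-user LaunchAgents dir")
    if in_user_agents and parts[-1] == "com.apple.systemupdate.plist":
        findings.append("filename matches the plist path reported for RustBucket")
    args = data.get("ProgramArguments") or []
    program = data.get("Program") or (args[0] if args else "")
    if "/Library/Metadata/" in program:
        findings.append(f"program {program!r} runs from ~/Library/Metadata")
    if data.get("RunAtLoad") and data.get("KeepAlive"):
        findings.append("RunAtLoad + KeepAlive: relaunches at login and on exit")
    return findings
```

On a live system the same function can be applied to every plist under each user's ~/Library/LaunchAgents; an empty result means none of these heuristics fired, not that the agent is clean.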
News URL
https://thehackernews.com/2023/07/beware-new-rustbucket-malware-variant.html