
New macOS Malware TodoSwift Linked to North Korean Hacking Groups
2024-08-21 11:00

Cybersecurity researchers have uncovered a new macOS malware strain dubbed TodoSwift that they say exhibits commonalities with known malicious software used by North Korean hacking groups.

"This application shares several behaviors with malware we've seen that originated in North Korea - specifically the threat actor known as BlueNoroff - such as KANDYKORN and RustBucket," Kandji security researcher Christopher Lopez said in an analysis.

Late last year, Elastic Security Labs uncovered another macOS malware, tracked as KANDYKORN, that was deployed in a cyber attack targeting blockchain engineers at an unnamed cryptocurrency exchange platform.

A common trait that connects the two malware families lies in the use of linkpc[.

Both RustBucket and KANDYKORN are assessed to be the work of a hacking crew called the Lazarus Group.

"The use of a Google Drive URL and passing the C2 URL as a launch argument to the stage 2 binary is consistent with previous DPRK malware affecting macOS systems," Lopez said.
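The two traits Lopez names, a stage 1 fetched from a Google Drive URL and a stage 2 binary that receives its C2 URL on the command line, are both visible in process-execution telemetry. The script below is an added example, not code from Kandji or the article, that scans a constructed set of macOS process-launch events (a simple `timestamp|parent|image|argv` line format, not real EDR output) and flags the two patterns. The binary names, paths and URLs are all placeholders; the `URL_TOOLS` allowlist is an assumption a real fleet would tune.

```python
import re
from dataclasses import dataclass
from typing import List

# Matches an http(s) URL inside a command line.
URL_RE = re.compile(r"https?://[^\s\"']+")
# Google Drive download links used as a stage 1 delivery channel.
GDRIVE_RE = re.compile(r"https?://drive\.google\.com/")
# Binaries for which a URL argument is ordinary behaviour (assumed allowlist).
URL_TOOLS = {"curl", "wget", "open", "Safari", "Google Chrome", "firefox"}

# Constructed sample events; hosts, paths and the Drive file id are placeholders.
SAMPLE_EVENTS = """\
2024-08-21T10:59:01Z|/sbin/launchd|/usr/bin/curl|curl -s https://example.org/update.json
2024-08-21T10:59:14Z|/Applications/ExampleApp.app/Contents/MacOS/ExampleApp|/Users/u/Library/Caches/.stage2|.stage2 https://c2.invalid/beacon
2024-08-21T10:59:20Z|/sbin/launchd|/usr/bin/open|open https://drive.google.com/uc?export=download&id=PLACEHOLDER
2024-08-21T10:59:33Z|/Applications/ExampleApp.app/Contents/MacOS/ExampleApp|/usr/bin/curl|curl -L https://drive.google.com/uc?export=download&id=PLACEHOLDER -o /tmp/lure.pdf
"""


@dataclass
class Event:
    ts: str
    parent: str   # full path of the parent process image
    image: str    # full path of the executed image
    argv: str     # command line as one string


@dataclass
class Finding:
    ts: str
    rule: str
    image: str
    url: str


def parse_events(text: str) -> List[Event]:
    """Parse the pipe-separated sample format into Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, parent, image, argv = line.split("|", 3)
        events.append(Event(ts, parent, image, argv))
    return events


def basename(path: str) -> str:
    return path.rsplit("/", 1)[-1]


def launched_from_app_bundle(parent: str) -> bool:
    """True when the parent image lives inside a .app bundle's MacOS directory."""
    return ".app/Contents/MacOS/" in parent


def detect(events: List[Event]) -> List[Finding]:
    """Apply the two rules and return one Finding per hit, in event order."""
    findings = []
    for ev in events:
        urls = URL_RE.findall(ev.argv)
        if not urls:
            continue
        url = urls[0]
        # Rule 1: a binary that is not a known URL-handling tool is started by an
        # application-bundle process with a URL on its command line (C2 handed
        # to a dropped stage 2 as a launch argument).
        if basename(ev.image) not in URL_TOOLS and launched_from_app_bundle(ev.parent):
            findings.append(Finding(ev.ts, "url_as_launch_argument", ev.image, url))
        # Rule 2: any command line referencing a Google Drive download link
        # (lower severity on its own; useful as corroborating context).
        if GDRIVE_RE.search(ev.argv):
            findings.append(Finding(ev.ts, "google_drive_download", ev.image, url))
    return findings


if __name__ == "__main__":
    for f in detect(parse_events(SAMPLE_EVENTS)):
        print(f"{f.ts} {f.rule:<24} {f.image} -> {f.url}")
```

On the sample, rule 1 fires once (the hidden `.stage2` binary started by the app with a URL argument) and rule 2 fires twice (the `open` and `curl` events fetching from Google Drive). In practice the allowlist in `URL_TOOLS` and the bundle-parent condition are where false positives are tuned; updaters and helper tools legitimately receive URLs, so the strongest signal is the combination of an unsigned or cache-directory binary, an app-bundle parent, and a URL argument.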
News URL

https://thehackernews.com/2024/08/new-macos-malware-todoswift-linked-to.html