- Mar 13, 2022
Researchers have pulled back the curtain on an updated version of an Apple macOS malware called Rustbucket that comes with improved capabilities to establish persistence and avoid detection by security software.
"This variant of Rustbucket, a malware family that targets macOS systems, adds persistence capabilities not previously observed," Elastic Security Labs researchers said in a report published this week, adding it's "leveraging a dynamic network infrastructure methodology for command-and-control."
RustBucket is the work of a North Korean threat actor known as BlueNoroff, which is part of a larger intrusion set tracked under the name Lazarus Group, an elite hacking unit supervised by the Reconnaissance General Bureau (RGB), the country's primary intelligence agency.
The malware came to light in April 2023, when Jamf Threat Labs described it as an AppleScript-based backdoor capable of retrieving a second-stage payload from a remote server. Elastic is monitoring the activity as REF9135.
North Korea's BlueNoroff, part of Lazarus Group, has upgraded their macOS malware, Rustbucket, to avoid detection and persist longer.