North Korean Hackers Employ Blended macOS Malware Tactics to Elude Detection
North Korean hackers associated with the Lazarus Group are combining different elements of their macOS malware campaigns, using RustBucket droppers to deliver the KANDYKORN malware. Cybersecurity firm SentinelOne has linked a third macOS-specific malware called ObjCShellz to the RustBucket campaign. The Lazarus Group is utilizing a backdoored version of a PDF reader app, SwiftLoader, to distribute KANDYKORN, demonstrating the evolving and collaborative nature of North Korean cyber threats. This tactic makes it challenging for defenders to track and attribute malicious activities. Additionally, a subgroup within Lazarus, Andariel, has been implicated in cyber attacks exploiting a security flaw in Apache ActiveMQ.