Jamf Threat Labs has discovered a new later-stage malware variant from BlueNoroff that shares characteristics with their RustBucket campaign.
Jamf Threat Labs says BlueNoroff’s campaigns are financially motivated, frequently targeting cryptocurrency exchanges, venture capital firms and banks. During the Labs’ routine threat hunting, they discovered a Mach-O universal binary communicating with a domain that Jamf has previously classified as malicious. This executable was undetected on VirusTotal at the time of their analysis.
The malware is written in Objective-C and operates as a very simple remote shell that executes shell commands sent from the attacker server. Although it is not entirely clear how initial access was achieved, this malware is likely being used as a later stage to manually run commands after compromising a system.
At a glance, this malware is very different from the previously mentioned RustBucket malware used in other attacks, but the attacker’s focus in both cases seems to be providing simple remote shell capability. Read Jamf Threat Labs’ complete report here.