Bad Apple Alert: North Korean Hackers’ New Malware Targets Mac Users and Cryptocurrency Enthusiasts

BlueNorOff’s back in the orchard, folks! This time, they’re armed with ObjCShellz, a new macOS malware. Who’s the apple of their eye? Cryptocurrency enthusiasts. This North Korean-backed group’s rotten to the core, creating remote shells on compromised devices and sowing seeds of chaos. BlueNorOff macOS Malware Attacks: a new kind of worm in your apple!

Hot Take:

Just when you thought it was safe to go back into the Apple orchard, the North Korean-backed BlueNorOff group comes along with a new type of malware for macOS. This bad apple, dubbed ObjCShellz, is all set to open some rather unfriendly shells on compromised devices. And guess who’s in the crosshairs? You guessed it, cryptocurrency enthusiasts! It seems like BlueNorOff has developed a taste for digital gold and is using some pretty crafty tricks to get its hands on it.

Key Points:

  • BlueNorOff, a North Korean-backed hacking group, is targeting Apple customers with a new macOS malware called ObjCShellz.
  • This malware creates remote shells on compromised devices, a feature quite distinct from previous payloads deployed by BlueNorOff.
  • The threat group is known for attacking financial organizations and cryptocurrency exchanges worldwide.
  • The malicious payload communicates with an attacker-controlled domain, attempting to blend in with legitimate network activity to evade detection.
  • BlueNorOff has previously been linked to numerous attacks on cryptocurrency startups globally and has even been sanctioned by the U.S. Treasury.

Need to know more?

Apples and Oranges

ObjCShellz is an Objective-C-based malware, and unlike the rest of the crop from BlueNorOff, it's designed specifically to create remote shells on compromised macOS systems. The initial access vector remains a mystery, making the situation all the more intriguing (or terrifying, depending on your perspective).

A Bad Case of Identity Theft

In an impressive feat of digital mimicry, the malware communicates with an attacker-controlled domain that mimics a legitimate cryptocurrency exchange's website. This is just another day at the office for BlueNorOff, which is known to create domains that look like they belong to legitimate companies to blend in with network activity.
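One defensive counterpart to the lookalike-domain trick described above, added here as an example and not code from the original post or from any vendor report: a small scanner that flags DNS queries whose registrable domain impersonates a watch-listed brand, either by embedding the brand label or by sitting within a couple of character edits of it. The watch list, the log lines, the log format and the edit-distance threshold are all constructed assumptions.

```python
"""Flag DNS queries to domains that impersonate a watch-listed brand (added example)."""

# Constructed watch list of legitimate domains (placeholders, not real exchanges).
WATCHLIST = {"goodexchange.example", "tradecoin.example"}

# Constructed DNS log in a simplified "timestamp client qname" format.
SAMPLE_DNS_LOG = """\
2023-11-01T10:00:01 10.0.0.5 goodexchange.example
2023-11-01T10:00:07 10.0.0.5 goodexchange-cloud.example
2023-11-01T10:01:12 10.0.0.9 g00dexchange.example
2023-11-01T10:02:30 10.0.0.5 tradecoin-login.example
2023-11-01T10:03:44 10.0.0.7 apple.example
"""


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(qname: str) -> str:
    """Reduce a query name to its last two labels (assumes no public-suffix list)."""
    parts = qname.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def is_lookalike(domain: str, watchlist=WATCHLIST, max_edits: int = 2):
    """Return the legitimate domain that `domain` impersonates, or None.

    A domain counts as a lookalike when it is not itself on the watch list and
    its first label embeds a brand label or is within `max_edits` of one.
    Very short brand labels would over-match; keep the watch list specific.
    """
    if domain in watchlist:
        return None
    label = domain.split(".")[0]
    for legit in watchlist:
        brand = legit.split(".")[0]
        if brand in label or levenshtein(label, brand) <= max_edits:
            return legit
    return None


def scan_dns_log(text: str, watchlist=WATCHLIST):
    """Return (client, queried_domain, impersonated_domain) for every suspicious query."""
    hits = []
    for line in text.splitlines():
        _ts, client, qname = line.split()
        dom = registrable(qname)
        legit = is_lookalike(dom, watchlist)
        if legit:
            hits.append((client, dom, legit))
    return hits
```

Run over the constructed log, the scanner reports the three impersonating queries and leaves the genuine exchange domain and the unrelated `apple.example` alone.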

Not Their First Rodeo

BlueNorOff has been a busy bee in the past as well, having been linked to a string of attacks on cryptocurrency startups worldwide. In fact, its activities landed the group in hot water with the U.S. Treasury, which sanctioned it along with two other North Korean hacking groups. All this, and they still find time to launch new attacks. Talk about multi-tasking!

The Great Crypto Heist

And just in case you thought they were small-time crooks, the FBI attributed the largest crypto hack ever to BlueNorOff and their partners in crime, Lazarus. The hack of Axie Infinity's Ronin network bridge led to the theft of Ethereum and USDC tokens worth over $617 million at the time. Now, that's a heist that would make even the Ocean's Eleven team blush!

Tags: BlueNoroff, cryptocurrency exchanges, Financial cyberattacks, Lazarus Group, macOS malware, North Korean Hacking Groups, North Korean state hackers, ObjCShellz