BlueNoroff used macOS malware with novel persistence

Nov. 8, 2024, 10:22 a.m.

Description

SentinelLabs researchers identified a North Korea-linked threat actor targeting crypto businesses with new macOS malware as part of a campaign called 'Hidden Risk'. The attackers, linked to BlueNoroff, used fake cryptocurrency news emails and a malicious app disguised as a PDF to deliver multi-stage malware. The malware uses a novel persistence technique exploiting the Zsh configuration file to bypass macOS security notifications. The campaign has been active since July 2024 and shows BlueNoroff's continued focus on targeting the crypto and Web3 sectors with evolving tactics.

Date

Published: Nov. 8, 2024, 12:02 a.m.

Created: Nov. 8, 2024, 12:02 a.m.

Modified: Nov. 8, 2024, 10:22 a.m.

Attack Patterns

LessonOne

growth

BlueNoroff

T1547

T1105

T1204

T1027

T1566

T1059

Additional Information

Finance