North Korean-Linked macOS Malware Targets Cryptocurrency Sector with RustDoor and Koi Stealer
Feb. 26, 2025, 4:46 p.m.
Description
A recent campaign attributed to North Korean threat actors has been identified, targeting macOS users in the cryptocurrency industry. The attackers employ sophisticated social engineering techniques, posing as recruiters to lure job-seeking software developers into downloading malicious software. The malware suite includes "RustDoor," a Rust-based backdoor masquerading as legitimate software updates, and a previously undocumented macOS variant of "Koi Stealer," designed to exfiltrate sensitive information.
Date
- Created: Feb. 26, 2025, 4:41 p.m.
- Published: Feb. 26, 2025, 4:41 p.m.
- Modified: Feb. 26, 2025, 4:46 p.m.
Indicators
Attack Patterns
- Koi Stealer
- T1059.004
- T1056.001
- T1113
- T1071.001
- T1070.004
- T1105
- T1140
- T1027