North Korean Hacking Group BlueNorOff Targets macOS Users

The North Korean-backed group BlueNorOff, known for targeting cryptocurrency exchanges and financial institutions, is using new macOS malware called ObjCShellz to compromise Apple users. The malware opens remote shells on compromised devices. The malicious payload, named ProcessRequest, communicates with the attacker-controlled domain swissborg[.]blog, hosted at 104.168.214[.]151, which is part of BlueNorOff's infrastructure. The domain mimics a legitimate cryptocurrency exchange's blog, swissborg.com/blog, to evade detection. This activity aligns with BlueNorOff's Rustbucket campaign, in which the group impersonates potential partners or investors by registering domains that resemble those of legitimate crypto companies.
