Beware of RustBucket new macOS malware disguised as PDF viewer. The cybersecurity world is abuzz with the news of a new malware variant targeting Apple devices. Dubbed RustBucket, this malware poses as a fake macOS PDF viewer, which can deliver the stage-two malware to the target endpoints.
Contents
RustBucket New macOS Malware
RustBucket New macOS Malware is a loader malware that delivers the stage-two malware to the target endpoint. The cybercriminals distribute RustBucket under the filename “Internal PDF Viewer.” While researchers did not discuss distribution channels, it’s believed that the malware is being sent via phishing emails and malicious websites.
The Three-Stage Attack
The RustBucket malware requires the victim to manually override the Gatekeeper protections to work. If the victim does that, they risk getting a second-stage payload, written in Objective-C. This second-stage payload delivers the final payload, which is a Mach-O executable written in Rust. This malware can run system reconnaissance commands.
The Clever PDF Viewer Technique
The PDF viewer technique used by the attackers is quite clever. In order to execute the malicious code within the application, not only do researchers need the stage-two malware, but they also require the correct PDF file that operates as a key. This technique makes it difficult to analyze and detect the malware.
The Threat Actor Behind the Campaign
The threat actor behind this campaign is called BlueNoroff, which is sometimes referred to as APT28, Nickel Gladstone, Sapphire Sleet, Stardust Chollima, or TA444. BlueNoroff is a part of the Lazarus Group, an infamous state-sponsored threat actor from North Korea. Lazarus is one of the world’s most well-known threat actors and responsible for several high-profile attacks, including the Harmony bridge attack that occurred in June 2022, resulting in the theft of $100 million in various cryptocurrencies. The group was also behind an attack on the Ronin bridge that took place earlier in 2022, where they stole $625 million in various cryptocurrencies.
How to Protect Yourself
To protect yourself from the RustBucket malware and other similar threats, follow these tips:
1. Update your software regularly
Ensure your software is up-to-date, including your operating system, web browser, and other applications.
2. Install antivirus software
Use reliable antivirus software and keep it updated.
3. Be cautious of emails and websites
Be careful when opening emails and downloading attachments, and don’t click on suspicious links. Be cautious when visiting websites and only download software from reliable sources.
4. Use a firewall
Enable a firewall on your device to prevent unauthorized access.
5. Avoid manual overrides
Avoid manually overriding Gatekeeper protections on your device, and only install software from trusted sources.
Conclusion
The RustBucket malware targeting Apple devices is a serious threat, and it’s important to take steps to protect yourself. Follow the tips outlined above and stay vigilant when opening emails and visiting websites. By taking these steps, you can help to keep your device and personal information safe from cybercriminals.
