
North Korea’s BlueNoroff Targets macOS Users With RustBucket Crypto Malware

Updated by Kyle Baird

In Brief

  • North Korea-linked BlueNoroff is targeting macOS users with a malware called RustBucket.
  • The malware installs a backdoor PDF reader.
  • BlueNoroff has been improving its techniques and targeted crypto startups in several countries in 2022.

The North Korea-linked BlueNoroff hacking collective has been busy attacking macOS users with a malware called RustBucket. The malware installs a backdoor PDF reader.

Hackers are using the malware to steal crypto from users.

RustBucket Targets macOS

Security researchers at Jamf published a report on the malware, which was later further analyzed by Sekoia.io.

The latter states,

“Since 2017, BlueNoroff was observed conducting financially-driven campaigns targeting cryptocurrency exchanges and venture capital-related entities in Europe, Asia, the U.S., and the UAE.”

[Image: How RustBucket works. Source: Sekoia]

The BlueNoroff-created malware has been focused on revenue generation since 2015. BlueNoroff has been leveraging RustBucket, malware that uses Rust and Objective-C to target macOS. Sekoia explains the attack as follows:

“The RustBucket infection chain consists of a macOS installer that installs a backdoored, yet functional, PDF reader. The fake PDF reader then requires opening a specific PDF file that operates as a key to trigger the malicious activity.”

BlueNoroff Has Carried Out Attacks Globally

BlueNoroff reached a global level of threat in 2022, targeting crypto startups in the U.S., Russia, China, India, the U.K., Ukraine, Poland, the Czech Republic, UAE, Singapore, Estonia, Vietnam, Malta, Germany, and Hong Kong.

The hacking group also posed as Japanese VCs and banks in late 2022, creating dozens of fake domains. The group once used Word documents to inject malware but has since been improving its technique.

The U.S. Department of the Treasury sanctioned the group as far back as 2019, but the sanctions have done little to stop it. BlueNoroff is only one part of North Korea’s extensive cyber warfare operations, which have frequently made the news for their exploits.

North Korea-linked Hackers Stole $1.7B in 2022

North Korea-linked hackers have been carrying out their operations for a long time. 2022 was a particularly notable year, as they managed to steal about $1.7 billion in crypto from various entities. Chainalysis noted that the figure quadrupled from 2021, when they stole $429 million.

The United Nations released a report stating that the funds were going towards North Korea’s missile program. The United States has also sanctioned addresses allegedly linked to North Korea.

Rahul Nambiampurath