RustDoor and Koi Stealer for macOS Used by North Korea-Linked Threat Actor to Target the Cryptocurrency Sector
Summary
A new malware attack on macOS has been discovered, which researchers have named RustDoor, and which appears to be the work of the BlueNoroff group, a threat actor linked to the government of North Korea.
In the attack, the RustDoor malware was used to target developers by impersonating Visual Studio.
The malware was used to deliver a previously undocumented variant of the Koi Stealer malware.
Both pieces of malware are written in Rust and were installed after the victim was socially engineered into downloading a fake software update.
The researchers observed the attacker attempting to evade detection by deploying different pieces of malware and by using various techniques to prevent anti-virus software and intrusion prevention systems from flagging their activities.
Enterprises using macOS endpoints can protect themselves from such attacks with comprehensive security solutions, coupled with security guidelines and policies for their personnel.