BlueNoroff used macOS malware with novel persistence

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

SentinelLabs researchers identified a North Korea-linked threat actor targeting crypto businesses with new macOS malware as part of a campaign called 'Hidden Risk'. The attackers, linked to BlueNoroff, used fake cryptocurrency news emails and a malicious app disguised as a PDF to deliver multi-stage malware. The malware uses a novel persistence technique exploiting the Zsh configuration file to bypass macOS security notifications. The campaign has been active since July 2024 and shows BlueNoroff's continued focus on targeting the crypto and Web3 sectors with evolving tactics.

OPENCTI LABELS:

apt,phishing,macos,north korea,cryptocurrency,persistence,lessonone,growth
