"SpectralBlur: New macOS Backdoor Threat from North Korean Hackers"

Researchers have discovered a new Apple macOS backdoor called SpectralBlur, which overlaps with KANDYKORN, a known malware family linked to North Korean threat actors. According to security researcher Greg Lesnewich, SpectralBlur can upload files, run a shell, update its configuration, delete files, and more. The malware is similar to KANDYKORN, a sophisticated implant that serves as a Remote Access Trojan (RAT). KANDYKORN activity overlaps with another campaign launched by the Lazarus sub-group BlueNoroff, which leads to the deployment of a backdoor known as RustBucket and a late-stage payload called ObjCShellz. This article continues to discuss findings regarding SpectralBlur.

THN reports "SpectralBlur: New macOS Backdoor Threat from North Korean Hackers"

Submitted by grigby1
