The North Korean-backed BlueNorOff threat group targets Apple customers with new macOS malware tracked as ObjCShellz that can open remote shells on compromised devices.
BlueNorOff is a financially motivated hacking group known for attacking cryptocurrency exchanges and financial organizations such as venture capital firms and banks worldwide.
The malicious payload observed by Jamf malware analysts (labeled ProcessRequest) communicates with the swissborg[.]blog, an attacker-controlled domain registered on May 31 and hosted at 104.168.214[.]151 (an IP address part of BlueNorOff infrastructure).
Leave a reply