Hackers continue to set their sights on Macs and this time around, they’re using a new macOS malware to infect unsuspecting users.
First discovered by security researchers at the cybersecurity firm Jamf, RustBucket is a stage-one malware that is able to download additional payloads from a command and control (C&C) server controlled by the hackers behind this campaign.
Disguised as an Internal PDF Viewer
The BlueNoroff hackers are using an unsigned application called “Internal PDF Viewer.app” to infect vulnerable Macs with the RustBucket malware. However, this internal PDF viewer app is just the first stage of the infection.
Once downloaded onto a Mac, RustBucket then retrieves the second-stage payload which is a signed application posing as a legitimate Apple bundle identifier from the hacker-controlled C&C server. To throw off potential victims, it also displays a decoy PDF with information from a legitimate venture capital firm.
From here, the malware then receives the stage-three payload which is a signed trojan that can run on both ARM and X86 systems since it’s written in the Rust programming language.
The RustBucket malware is capable of gathering system information from an infected Mac including a list of running processes, the current time and whether it’s running in a virtual machine.
In its report, Jamf provided further insight on the state of Mac malware, saying: “The malware used here shows that as macOS grows in market share, attackers realize that a number of victims will be immune if their tooling is not updated to include the Apple ecosystem. Lazarus group, which has strong ties to BlueNoroff, has a long history of attacking macOS and it’s likely we’ll see more APT groups start doing the same.”
How to keep your Mac safe from malware
Just like on one of the best Windows laptops, when it comes to keeping your Mac safe from malware, you want to be extremely careful when checking your inbox. PDFs and other attachments are often used by hackers to spread malware which is why you should avoid opening any files in emails sent from an unknown sender. Likewise, you shouldn’t click on any links these emails contain either.
Although MacOS comes with XProtect to detect and block malware from running on your Apple computer and Gatekeeper to ensure that all software is signed by a developer registered with Apple, Mac malware does slip through the cracks from time to time. This is why you should also consider using one of the best Mac antivirus software solutions on your Apple computers.
As Jamf pointed out in its report, we’ll likely see more state-sponsored hackers targeting Macs now that Apple’s computers have become increasingly popular. For this reason, Mac users now need to be just as careful as Windows users to avoid having their systems infected with malware and their personal and financial information stolen by hackers.