Skip to content
  • Categories
Collapse
Brand Logo

Talks
  1. Home
  2. English
  3. Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea

Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea

Scheduled Pinned Locked Moved English
1 Posts 1 Posters 1 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • S Offline
    S Offline
    SrGuard
    wrote last edited by
    #1

    Researchers discovered a macOS backdoor, called SpectralBlur, which shows similarities with a North Korean APT’s malware family.
    Security researcher Greg Lesnewich discovered a backdoor, called SpectralBlur, that targets Apple macOS. The backdoor shows similarities with the malware family KANDYKORN (aka SockRacket), which was attributed to the North Korea-linked Lazarus sub-group known as BlueNoroff (aka TA444).

    KandyKorn is an advanced implant with a variety of capabilities to monitor, interact with, and avoid detection. It utilizes reflective loading, a direct-memory form of execution that may bypass detections,” notes Elastic Security, which identified and analyzed the threat.” reads the report published by Elastic.

    SpectralBlur is not a sophisticated malware, it supports ordinary backdoor capabilities, including uploading/downloading files, running a shell, updating its configuration, deleting files, hibernating or sleeping, based on commands issued from the C2.

    Source:
    https://securityaffairs.com/157010/apt/macos-backdoor-spectralblur-north-korea.html

    1 Reply Last reply
    0

    • Login
    • Don't have an account? Register
    Powered by NodeBB Contributors
    • First post
      Last post
    0
    • Categories