New ‘ObjCShellz’ malware allows hackers to remotely control a Mac

Macworld

Researchers at Jamf Threat Labs have discovered a new malware that can give an attacker access to, and control of, a Mac once it has been infected. Dubbed “ObjCShellz” by Jamf, the malware appears to be connected to the BlueNoroff Advanced Persistent Threat, a group that usually targets banks, cryptocurrency exchanges, and venture capitalists.

The malware, which was written in the Objective-C programming language, can run shell commands received from the attacker’s server, effectively giving the attacker control of the Mac. The malware can also gather information about the Mac, such as the version of macOS it is running, and send that information back to the server, where the attacker can read it.
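The behaviour described above, a program that accepts commands from a remote server and runs them through a shell, leaves a recognisable trace in endpoint telemetry: a process running from an unusual location that both makes an outbound connection and spawns `sh -c`-style children. The following script is an added example written for this page, not code from Jamf or from Macworld; it runs a simple correlation rule over constructed, newline-delimited JSON process and network events (the field names, the trusted-path list, and the `example-c2.invalid` host are all assumptions made for illustration, and nothing in it is taken from Jamf’s report).

```python
import json
from collections import defaultdict

# Path prefixes treated as "trusted" for this illustration (assumption, not a Jamf
# or Apple list): a parent whose executable lives anywhere else, such as a user's
# Downloads folder or /tmp, is worth a closer look when it also behaves like a shell.
TRUSTED_PREFIXES = ("/System/", "/usr/", "/bin/", "/sbin/", "/Applications/")
SHELLS = {"/bin/sh", "/bin/bash", "/bin/zsh"}

# Constructed sample telemetry (not real data): a normal Terminal session followed by
# an app launched from Downloads that phones home and then runs shell commands.
SAMPLE_EVENTS = """
{"ts":"2023-11-08T10:00:01Z","event":"exec","pid":501,"ppid":1,"path":"/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal","cmd":"Terminal"}
{"ts":"2023-11-08T10:00:02Z","event":"exec","pid":502,"ppid":501,"path":"/bin/zsh","cmd":"zsh -l"}
{"ts":"2023-11-08T10:05:00Z","event":"exec","pid":640,"ppid":1,"path":"/Users/alice/Downloads/Invoice.app/Contents/MacOS/Invoice","cmd":"Invoice"}
{"ts":"2023-11-08T10:05:01Z","event":"net","pid":640,"dest_host":"example-c2.invalid","dest_port":443}
{"ts":"2023-11-08T10:05:02Z","event":"exec","pid":641,"ppid":640,"path":"/bin/sh","cmd":"sh -c sw_vers -productVersion"}
{"ts":"2023-11-08T10:05:05Z","event":"exec","pid":642,"ppid":640,"path":"/bin/sh","cmd":"sh -c whoami"}
"""


def parse_events(text):
    """Parse newline-delimited JSON telemetry into a list of event dicts."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def is_trusted_path(path):
    """True if the executable lives under one of the assumed trusted prefixes."""
    return path.startswith(TRUSTED_PREFIXES)


def find_remote_shell_candidates(events):
    """Flag untrusted-path processes that both talk to the network and spawn
    'shell -c' children. Returns one finding per offending parent pid."""
    procs = {}                       # pid -> its exec event
    shell_cmds = defaultdict(list)   # parent pid -> shell command lines spawned
    dest_hosts = defaultdict(list)   # pid -> outbound destinations
    for ev in events:
        if ev["event"] == "exec":
            procs[ev["pid"]] = ev
            if ev["path"] in SHELLS and "-c" in ev["cmd"].split():
                shell_cmds[ev["ppid"]].append(ev["cmd"])
        elif ev["event"] == "net":
            dest_hosts[ev["pid"]].append(ev["dest_host"])

    findings = []
    for pid in sorted(procs):
        ev = procs[pid]
        if is_trusted_path(ev["path"]):
            continue
        if shell_cmds.get(pid) and dest_hosts.get(pid):
            findings.append({
                "pid": pid,
                "path": ev["path"],
                "dest_hosts": dest_hosts[pid],
                "shell_cmds": shell_cmds[pid],
            })
    return findings


if __name__ == "__main__":
    for f in find_remote_shell_candidates(parse_events(SAMPLE_EVENTS)):
        print(f"pid {f['pid']} {f['path']} -> {f['dest_hosts']} ran {f['shell_cmds']}")
```

The rule deliberately ignores the Terminal session: its shell child is a login shell rather than a `-c` one-liner, and Terminal itself runs from a trusted path. In a real deployment the event source would be macOS Endpoint Security or an EDR feed, and the trusted-path list would need to account for legitimate software installed outside `/Applications`.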

Jamf determined that ObjCShellz communicates with a domain also used by the Rustbucket malware Jamf discovered this past April. Rustbucket is associated with BlueNoroff, a North Korean group that carries out state-sponsored attacks. Jamf said that while the malware is “fairly simple, this malware is still very functional and will help attackers carry out their objectives.”

Jamf’s report says that ObjCShellz was “undetected on VirusTotal at the time of our analysis.” VirusTotal is a website that lets visitors scan files and URLs for malware. Apple released macOS Sonoma 14.1.1 and Ventura 13.6.2 updates this week, but per Apple’s release notes they don’t contain any security fixes.

Jamf does not go into detail on how ObjCShellz gets onto a Mac in the first place, but it notes that “this malware was a late stage within a multi-stage malware delivered via social engineering.” That usually means an attacker persuaded a user to put the malware on the Mac themselves, most likely disguised as an innocuous-looking file.

How to protect yourself from malware

Apple has protections in place within macOS and the company releases security patches through OS updates, so it’s important to install them when they are available. If Apple pulls back an update, the company will reissue it as soon as it is properly revised with corrections.

When downloading software, get it from trusted sources, such as the App Store (which makes security checks of its software) or directly from the developer. Macworld has several guides to help, including a guide on whether or not you need antivirus software, a list of Mac viruses, malware, and trojans, and a comparison of Mac security software.

MacOS, Security Software and Services
