
[SecurityAffairs] Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea

Security researcher Greg Lesnewich discovered a backdoor, called SpectralBlur, that targets Apple macOS.

“KandyKorn is an advanced implant with a variety of capabilities to monitor, interact with, and avoid detection. It utilizes reflective loading, a direct-memory form of execution that may bypass detections,” reads the report published by Elastic Security, which identified and analyzed the threat.

SpectralBlur is not sophisticated malware; it supports ordinary backdoor capabilities, including uploading and downloading files, running a shell, updating its configuration, deleting files, and hibernating or sleeping, based on commands issued from the C2.

“TA444 keeps running fast and furious with these new MacOS malware families. Looking for similar strings led us to link SpectralBlur and KandyKorn (which were further linked to TA444 after more samples turned up, and eventually, a phishing campaign hit our visibility that pulled down KandyKorn),” concludes Lesnewich. “So knowing your Macho stuff will help track emerging DPRK capability if that is your interest!”

[....]

Researchers discovered a macOS backdoor, called SpectralBlur, which shows similarities with a North Korean APT’s malware family.