Objcshellz

Malware updated 23 days ago (2024-11-29T14:33:46.240Z)
Download STIX
Preview STIX
ObjCShellz is a lightweight malware written in Objective-C, known for its advanced obfuscation features. Discovered by Jamf Threat Labs in November 2023, this malware operates as a relatively simple backdoor, serving as a remote shell that allows an attacker to execute arbitrary commands. It's typically delivered as a second-stage payload to systems already compromised. The malware shares similarities with the RustBucket campaign, suggesting a link to the BlueNoroff APT group, which is associated with North Korea. The ObjCShellz malware was first identified as part of the RustBucket campaign, a series of cyber-attacks believed to be orchestrated by the BlueNoroff APT group. Researchers noted specific shared infrastructure between ObjCShellz payloads and SwiftLoader stagers, indicating a likely connection. Further investigation revealed that ObjCShellz is highly probable to be a later stage of the SwiftLoader SecurePDF Viewer.app, reinforcing the link between these malicious software tools. In response to the threat posed by ObjCShellz and other similar malware like RustBucket, KANDYKORN, SmoothOperator, Fullhouse, POOLRAT, PondRAT, OdicLoader, Comebacker, and CollectionRAT, we have implemented prevention and detection alerts. These measures are designed to protect systems from infection, disruption, data theft, or ransom attacks common to such malicious software. By understanding the nature of ObjCShellz and its connections to other malware campaigns, we can better anticipate and counteract these cybersecurity threats.
Description last updated: 2024-09-10T03:17:06.257Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Rustbucket is a possible alias for Objcshellz. RustBucket is a malicious software (malware) specifically targeting macOS systems, first reported in 2023 and attributed to the North Korea-linked threat actor group, BlueNoroff. This malware was initially uncovered in 2021 as part of the RustBucket campaign and has since evolved into multiple varia
4
Swiftloader is a possible alias for Objcshellz. SwiftLoader is a sophisticated malware that functions as a PDF viewer to lure unsuspecting victims. It was initially used in the RustBucket campaign, where it served as a second-stage malware, infecting systems through seemingly innocent downloads such as documents sent to targets. Notably, SwiftLoa
2
Swiftloader Securepdf viewer.app is a possible alias for Objcshellz.
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Macos
Apt
Backdoor
Payload
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Kandykorn Malware is associated with Objcshellz. KandyKorn is a type of malware, first discovered in 2023, that targets macOS systems. Developed by the Lazarus hacking group, this malicious software specifically aims at blockchain engineers. The known infection process begins with social engineering tactics, tricking the victim into downloading a Unspecified
3
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The Bluenoroff Threat Actor is associated with Objcshellz. BlueNoroff, a threat actor group linked to North Korea, has been identified as the malicious entity behind several high-profile cyber-attacks. Since first making headlines with an attack on Sony Pictures in 2014, BlueNoroff and its parent group Lazarus have been involved in numerous notorious securiUnspecified
2
Source Document References
Information about the Objcshellz Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Unit42
3 months ago
Securityaffairs
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Securityaffairs
a year ago
CERT-EU
a year ago
DARKReading
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
InfoSecurity-magazine
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
DARKReading
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Securityaffairs
a year ago