ObjCShellz

Malware Profile Updated 3 months ago
ObjCShellz is a lightweight but advanced malware written in Objective-C, identified by researchers from Jamf Threat Labs in November 2023. This malicious software is designed to infiltrate macOS systems and enable remote execution of commands by attackers. It is characterized by its advanced obfuscation features, making it difficult for traditional security tools to detect or mitigate its activities. The malware was discovered as part of the RustBucket campaign and is tracked by Jamf as ObjCShellz. There is strong evidence suggesting that ObjCShellz is linked to the North Korea-associated Advanced Persistent Threat (APT) group, BlueNoroff. Notably, the malware shares significant similarities with other elements within the RustBucket malware campaign, which is also associated with BlueNoroff. Specific shared infrastructure indicates a connection between ObjCShellz payloads and SwiftLoader stagers, suggesting that ObjCShellz might be a later stage of the SwiftLoader SecurePDF Viewer.app. Based on previous attacks performed by BlueNoroff, experts believe that this malware is delivered through social engineering tactics as a late stage within a multi-stage attack. Once inside a system, ObjCShellz serves as a remote shell, allowing the attackers to execute commands and potentially steal sensitive information or disrupt operations. Given the stealthy nature of ObjCShellz and its association with an experienced APT group, it poses a significant threat to macOS users.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Rustbucket | 3 | RustBucket is a malicious software (malware) campaign that was first uncovered in 2021 and attributed to BlueNoroff, a North Korea-linked Advanced Persistent Threat (APT) group. The malware is known for its ability to exploit and damage computer systems, often infiltrating through suspicious downloa
Swiftloader | 2 | SwiftLoader is a sophisticated malware that functions as a PDF viewer to lure unsuspecting victims. It was initially used in the RustBucket campaign, where it served as a second-stage malware, infecting systems through seemingly innocent downloads such as documents sent to targets. Notably, SwiftLoa
Swiftloader Securepdf viewer.app | 2 | (no description)
Securepdf viewer.app | 1 | SecurePDF Viewer.app is a malicious software (malware) that has been found to exploit and potentially damage computer systems, particularly those running on macOS 12.6 (Monterey) or later versions. It infiltrates the system through suspicious downloads, emails, or websites, often unbeknownst to the
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware, macOS, APT, SentinelOne, Backdoor, Korean, Payload, Jamf, Windows
Associated Malware
ID | Type | Votes | Profile Description
Kandykorn | Unspecified | 2 | KandyKorn is a new strain of malware that has recently been identified as an emerging threat to the technology sector, particularly targeting blockchain engineers. The malicious software, which is designed to infiltrate and damage computer systems, often enters undetected through suspicious download
Associated Threat Actors
ID | Type | Votes | Profile Description
Bluenoroff | Unspecified | 2 | BlueNoroff, a threat actor closely associated with the notorious Lazarus Group, has been actively involved in malicious cyber activities primarily targeting financial institutions and cryptocurrency businesses. Known for its sophisticated attacks on banks, casinos, fintech companies, POST software,
Lazarus Group | Unspecified | 1 | The Lazarus Group, a notorious threat actor believed to be linked to North Korea, has been attributed with a series of significant cyber-attacks over the past few years. The group's malicious activities include the exploitation of digital infrastructure, stealing cryptocurrency, and executing large-
Associated Vulnerabilities
No associations to display.
Source Document References
Information about the ObjCShellz malware was read from the documents in the corpus below.
Source | Created | Title
Securityaffairs | 7 months ago | Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea
CERT-EU | 8 months ago | North Korea-linked BlueNoroff's macOS malware variant targets financial firms
CERT-EU | 7 months ago | New JaskaGO Malware Targets Mac and Windows for Crypto, Browser Data
Securityaffairs | 8 months ago | North Korea-linked APT BlueNoroff used new macOS malware ObjCShellz
CERT-EU | 8 months ago | BlueNoroff hackers backdoor Macs with new ObjCShellz malware
DARKReading | 8 months ago | North Korea's BlueNoroff APT Debuts 'Dumbed Down' macOS Malware
CERT-EU | 8 months ago | Fresh find shines light on latest North Korean macOS malware
CERT-EU | 8 months ago | New MacOS Malware Linked to North Korean Hackers
InfoSecurity-magazine | 8 months ago | New BlueNoroff Malware Variant Targets Cryptocurrency Exchanges
CERT-EU | 9 months ago | N. Korea's BlueNoroff Blamed for Hacking macOS Machines with ObjCShellz Malware
CERT-EU | 8 months ago | North Korean Hackers Now Merging macOS Malware Strains
CERT-EU | 8 months ago | North Korean hackers evolve their techniques by mixing malware from previous campaigns
CERT-EU | 8 months ago | DPRK Crypto Theft | macOS RustBucket Droppers Pivot to Deliver KandyKorn Payloads
DARKReading | 8 months ago | macOS Malware Mix & Match: North Korean APTs Stir Up Fresh Attacks
CERT-EU | 8 months ago | N. Korean Hackers ‘Mixing’ macOS Malware Tactics to Evade Detection
CERT-EU | 8 months ago | Novel social engineering attack infrastructure established by BlueNoroff
CERT-EU | 8 months ago | Apple finally admits it's doing the thing we all knew it had to do
Securityaffairs | 8 months ago | North Korea-linked APT Sapphire Sleet targets IT job seekers
CERT-EU | 8 months ago | Microsoft: BlueNoroff hackers plan new crypto-theft attacks