New macOS Malware TodoSwift Linked to North Korean Hacking Groups
21-August-24
Cybersecurity researchers have uncovered a new macOS malware strain dubbed TodoSwift that they say exhibits commonalities with known malicious software used by North Korean hacking groups.“This application shares several behaviors with malware we’ve seen that originated in North Korea (DPRK) — specifically the threat actor known as BlueNoroff — such as KANDYKORN and RustBucket,” Kandji security researcher Christopher Lopez said in an analysis.RustBucket, which first came to light in July 2023, refers to an AppleScript-based backdoor that’s capable of fetching next-stage payloads from a command-and-control (C2) server.
