North Korean-Linked macOS Malware Targets Cryptocurrency Sector with…

216.73.217.80

North Korean-Linked macOS Malware Targets Cryptocurrency Sector with RustDoor and Koi Stealer

· Published 26/02/2025 16:41 · Modified 26/02/2025 16:46

Essential information

Published: 26/02/2025 16:41
Modified: 26/02/2025 16:46
Tags: 2025-02-26 apt cryptocurrencies koi stealer macos rust rustdoor c2 studio helper
Related entities: 21 observables, 8 techniques (mitre), 1 malware

Description

A recent campaign attributed to North Korean threat actors has been identified, targeting macOS users in the cryptocurrency industry. The attackers employ sophisticated social engineering techniques, posing as recruiters to lure job-seeking software developers into downloading malicious software. The malware suite includes "RustDoor," a Rust-based backdoor masquerading as legitimate software updates, and a previously undocumented macOS variant of "Koi Stealer," designed to exfiltrate sensitive information

External references

https://unit42.paloaltonetworks.com/macos-malware-targets-crypto-sector/
https://otx.alienvault.com/pulse/67bf4431daee3fb074cce3dd