
North Korea's BlueNoroff Deploys Novel macOS Attack via Zoom Lures


North Korea's BlueNoroff hacking group, a sub-unit of the notorious Lazarus Group, has developed a novel macOS attack vector that leverages fake Zoom meeting invitations to deliver sophisticated malware. Security researchers have uncovered a campaign in which the attackers embed malicious code in documents buried beneath over 10,000 blank lines, an unprecedented obfuscation technique designed to bypass automated security scans.

The attack begins with carefully crafted phishing emails containing what appear to be Zoom meeting invitations or software updates. When victims download and open the attached documents, they encounter what seems to be an empty file. However, hidden deep within the document's structure lies malicious JavaScript code that executes a multi-stage attack chain.
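The padding trick described above is easy to catch once a scanner looks at the whole file rather than its first screen. The script below is an added example, not code from the article or from the researchers it cites: it measures blank-line padding in a text document, reports what follows the longest run of empty lines, and flags the file only when heavy padding coincides with script-like content. The thresholds and the marker list are assumptions for illustration, and binary document formats would need to be unpacked to text before this check applies.

```python
"""Heuristic scanner for documents padded with blank lines to hide code.

Added example (not from the original article). Thresholds and code
markers are assumptions chosen for illustration; tune them locally.
"""
import re
from pathlib import Path

MIN_PADDING_LINES = 1000   # a blank run this long is suspicious (assumed)
MAX_BLANK_RATIO = 0.9      # or a file that is >90% blank lines (assumed)

# Tokens that suggest executable script content somewhere in the file.
CODE_MARKERS = re.compile(
    r"(eval\s*\(|Function\s*\(|require\s*\(|child_process|\bexec\s*\("
    r"|osascript|\bcurl\b|/bin/(?:ba)?sh\b|base64)",
    re.IGNORECASE,
)


def analyze_text(text: str) -> dict:
    """Return padding statistics and a verdict for one text document."""
    lines = text.split("\n")
    total = len(lines)
    blank = sum(1 for ln in lines if not ln.strip())

    # Longest run of consecutive blank lines, and the index where it starts.
    longest = longest_start = run = run_start = 0
    for i, ln in enumerate(lines):
        if ln.strip():
            run = 0
            continue
        if run == 0:
            run_start = i
        run += 1
        if run > longest:
            longest, longest_start = run, run_start

    # First visible line after the longest run: what the padding was hiding.
    hidden = ""
    for ln in lines[longest_start + longest:]:
        if ln.strip():
            hidden = ln.strip()[:120]
            break

    markers = sorted({m.group(0).lower() for m in CODE_MARKERS.finditer(text)})
    padded = longest >= MIN_PADDING_LINES or (
        total > 0 and blank / total > MAX_BLANK_RATIO
    )
    return {
        "total_lines": total,
        "blank_lines": blank,
        "longest_blank_run": longest,
        "first_line_after_padding": hidden,
        "code_markers": markers,
        # Padding alone is not proof; require script-like content as well.
        "suspicious": bool(padded and markers),
    }


def analyze_file(path) -> dict:
    """Read a file as text (lossy on binary input) and analyze it."""
    return analyze_text(Path(path).read_text(encoding="utf-8", errors="replace"))


# Constructed samples (not real lure content): a plain note and a padded one.
BENIGN = "Zoom meeting: Q3 review\nJoin at 10:00\nAgenda attached\n"
PADDED = ("Zoom meeting: Q3 review\n" + "\n" * 12000 +
          "const cp = require('child_process'); eval(payload);\n")

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("padded", PADDED)):
        print(name, analyze_text(sample))
```

Running it on the constructed samples shows the padded one with a 12,000-line blank run followed by a `require('child_process')` line, while the short note is left alone because it has neither padding nor script markers.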

Technical analysis reveals the malware performs several key functions:

  1. Establishing persistence on macOS systems through LaunchAgents
  2. Deploying a cryptocurrency wallet stealer targeting Exodus and other popular wallets
  3. Injecting malicious code into financial applications
  4. Capturing keystrokes and screenshots

What makes this campaign particularly concerning is its targeting of macOS systems, traditionally considered more secure than Windows. The attackers have invested significant effort in macOS-specific techniques, including:

  • Custom Mach-O binaries signed with stolen developer certificates
  • Abuse of macOS automation features (AppleScript)
  • Fileless execution techniques in memory

Security teams should implement several defensive measures:

  1. Deploy advanced document inspection tools that analyze full file structure
  2. Monitor for unusual AppleScript or JavaScript execution
  3. Implement application allowlisting for financial applications
  4. Educate employees about Zoom-related phishing tactics
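The LaunchAgents persistence listed among the malware's functions, the AppleScript abuse noted above, and defensive measure 2 (monitoring for unusual AppleScript or JavaScript execution) can be covered by one audit of launch items. The script below is an added example, not code from the article or the researchers: it parses LaunchAgent and LaunchDaemon property lists with the standard library and flags agents that run a script interpreter such as osascript, point into world-writable directories, invoke JavaScript for Automation, or combine RunAtLoad with KeepAlive. The flagged patterns and the constructed sample plists are assumptions for illustration, not indicators from the article.

```python
"""Audit macOS LaunchAgent/LaunchDaemon plists for persistence red flags.

Added example (not from the original article). Heuristics are assumed
defender conventions; the sample plists below are constructed.
"""
import plistlib
from pathlib import Path

# Directories launchd reads user and system agents from.
LAUNCH_DIRS = [
    Path.home() / "Library/LaunchAgents",
    Path("/Library/LaunchAgents"),
    Path("/Library/LaunchDaemons"),
]

# Assumed heuristics: interpreters often used for script stages, and
# writable locations where a dropped payload would typically sit.
SCRIPT_INTERPRETERS = {"osascript", "sh", "bash", "zsh", "python", "python3", "curl", "node"}
SUSPICIOUS_DIRS = ("/tmp/", "/private/tmp/", "/Users/Shared/", "/var/tmp/", "/Library/Caches/")


def audit_plist_bytes(data: bytes, source: str = "<memory>") -> dict:
    """Inspect one plist (XML or binary) and return findings."""
    plist = plistlib.loads(data)
    args = [str(a) for a in (plist.get("ProgramArguments") or [])]
    if plist.get("Program"):
        args = [str(plist["Program"])] + args

    findings = []
    if args:
        exe = Path(args[0]).name
        if exe in SCRIPT_INTERPRETERS:
            findings.append(f"runs script interpreter {exe}")
        joined = " ".join(args)
        for d in SUSPICIOUS_DIRS:
            if d in joined:
                findings.append(f"references writable location {d}")
        if exe == "osascript" and "-l" in args and "JavaScript" in args:
            findings.append("osascript invoked with JavaScript for Automation")
        if exe == "osascript" and any(a.startswith("-e") for a in args[1:]):
            findings.append("inline AppleScript via -e")
    if plist.get("RunAtLoad") and plist.get("KeepAlive"):
        findings.append("RunAtLoad + KeepAlive (restarts if killed)")

    return {
        "source": source,
        "label": plist.get("Label"),
        "program_arguments": args,
        "findings": findings,
        "suspicious": bool(findings),
    }


def audit_directories(dirs=LAUNCH_DIRS) -> list:
    """Audit every *.plist under the given directories; skip unreadable files."""
    results = []
    for d in dirs:
        if not d.is_dir():
            continue
        for p in sorted(d.glob("*.plist")):
            try:
                results.append(audit_plist_bytes(p.read_bytes(), str(p)))
            except (OSError, plistlib.InvalidFileException, ValueError) as e:
                results.append({"source": str(p), "error": str(e), "suspicious": False})
    return results


# Constructed samples: a conventional helper agent and a script-based one.
BENIGN_SAMPLE = plistlib.dumps({
    "Label": "com.example.helper",
    "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/helper", "--agent"],
    "RunAtLoad": True,
})
SCRIPT_SAMPLE = plistlib.dumps({
    "Label": "com.example.zoomupdate",
    "ProgramArguments": ["/usr/bin/osascript", "-l", "JavaScript", "/Users/Shared/.update.js"],
    "RunAtLoad": True,
    "KeepAlive": True,
})

if __name__ == "__main__":
    for sample in (BENIGN_SAMPLE, SCRIPT_SAMPLE):
        print(audit_plist_bytes(sample))
    for r in audit_directories():
        if r["suspicious"]:
            print(r)
```

On a live host the `audit_directories()` pass lists every agent that trips a heuristic; an `osascript` agent with JavaScript for Automation under `/Users/Shared` and KeepAlive set would collect four findings, while a normal application helper collects none.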

The emergence of such sophisticated macOS malware from nation-state actors signals a concerning evolution in cross-platform threats, particularly for financial institutions and cryptocurrency firms that may have considered macOS a safer alternative.

NewsSearcher AI-powered news aggregation
