The prolific North Korean state-backed threat actor known as TA444 is back with shiny new malware for targeting macOS users, dubbed "SpectralBlur." According to Proofpoint threat researcher Greg Lesnewich, TA444 (aka APT38, BlueNoroff, BlackAlicanto, Copernicium, Sapphire Sleet, and Stardust Chollima) debuted the SpectralBlur malware in August. Lesnewich noted that SpectralBlur contains strings in its code similar to those in the KandyKorn macOS data stealer, which emerged in early November in Lazarus Group campaigns targeting blockchain engineers connected to cryptocurrency exchanges. SpectralBlur is just the latest tool designed to go after macOS users, who are becoming a particular focus for North Korean nation-state attackers. "TA444 keeps running fast and furious with these new macOS malware families," Lesnewich wrote.
Source: The North Africa Journal, January 06, 2024 08:59 UTC