Top macOS Malware Threats: Here Are 6 to Watch

Since at least December, North Korea's BlueNoroff threat actor — a subgroup of the broader Lazarus group — has been using malware dubbed RustBucket in financially motivated attacks against targeted organizations worldwide. The malware marks the threat group's first foray into the macOS realm and is an example of how attackers have increasingly begun using cross-platform languages like Go to develop attack tools for multiple platforms.

Researchers from Jamf Threat Labs reported on the malware in April 2023 after observing BlueNoroff using it to drop and execute various payloads on victim systems. The malware consists of a first-stage component (a backdoored but fully functional PDF reader) that reaches out to a remote command-and-control (C2) server, and installs a separate, second-stage payload for gathering specific information from the victim system and relaying it back to the attacker.

Jaron Bradley, senior manager of macOS detections at Jamf, says the sophistication is not only inside the malware itself, but the social engineering tactics that the attackers use in order to get onto victim systems. "This malware campaign targets Windows as well," Bradley says. "But the fact that the attackers have gone out of their way to include a macOS version of the malware tells us that … they have likely hit roadblocks in the past … on the macOS platform."