Jamf, which specializes in Apple device management and security, says its Threat Labs team has discovered a macOS malware family called “RustBucket.”

They suspect it’s attributed to a North Korean APT group BlueNoroff, which is thought to be a subgroup of Lazarus. This RustBucket malware family communicates with command and control (C2) servers to download and execute various payloads. 

You can read Jamf’s full blog here that details the three stages of the malware’s workflow, what it does, how it works to compromise macOS devices, where it comes from, and what administrators can do to protect their Apple fleet.

Article provided with permission from AppleWorld.Today