ObjCShellz

Summary
A simple reverse shell written in Objective-C
Class
APT Trojan
Class Summary
Advanced Persistent Threat (APT) Trojans are a form of stealthy malware. They're designed to maintain their presence on your macOS system over extended periods, making detection challenging. These Trojans are often used in targeted attacks, typically by skilled adversaries such as nation-state actors or sophisticated cybercriminal groups. They can steal sensitive data or execute remote commands. If an APT Trojan is detected, it's crucial to consult with a security specialist. Considering the stealth and persistence of APT actors, you might need an overall security audit to ensure complete removal and secure any breached data.
Description

ObjCShellz is an Objective-C backdoor attributed to the BlueNoroff/Lazarus APT group. Once it has connected to its command-and-control server, it executes the shell commands it receives and relays their output back to the attacker. The malware was first identified by Jamf Threat Labs as part of the RustBucket campaign, a BlueNoroff operation that often targets small cryptocurrency-focused companies.

Example Hashes
  • 79337ccda23c67f8cfd9f43a6d3cf05fd01d1588
  • 588d84953ae992c5de61d3774ce86e710ed42d29