North Korean malware still attacks the Mac, IPHONE ADDICT

According to SentinelOne's latest security report, macOS remains one of the favored targets of North Korean hackers. In 2023, RustBucket and KandyKorn were by far the two most active malware families on the Mac. RustBucket uses the SwiftLoader malware (written in AppleScript and Swift), which poses as a PDF viewer and is paired with a fake “decoy” PDF document sent directly to victims' email inboxes. For its part, KandyKorn (written in Python scripts) attacks the blockchain of a crypto exchange platform. The malware manages to install a RAT (Remote Access Trojan) backdoor on the target systems.

Security researchers note that SwiftLoader has branched into many variants, some of which can run on both Intel PCs and Macs. One of these variants is included in the file “Crypto-assets and their risks for financial” and has elements that also link it to KandyKorn, which indicates quite clearly that the hackers combined the two malware families into one, a combination that is also found in several other variants. For SentinelOne researchers, this is also an indication that North Korean hackers are undoubtedly reusing the infrastructure that was originally put in place for the RustBucket and KandyKorn malware.

The best way to protect yourself from these little pests is to remain cautious: do not open documents whose origin you do not know, be vigilant regarding security updates, install an antivirus, etc.
