SpectralBlur malware overview: new macOS malware
A new attempt to infect macOS endpoints has been identified in public sources: the malware SpectralBlur, linked to the DPRK.
Hacker groups from North Korea frequently target both Windows and macOS devices; on macOS, for example, we have seen malware such as BlueNoroff, KandyKorn or RustBucket.
A backdoor, in the cybersecurity context, is an application that performs malicious actions on a compromised system, such as unauthorized access, hidden persistence, or taking control of the system.
Static and dynamic analysis of SpectralBlur shows that it is a moderately capable backdoor that provides a remote shell on the compromised device, with capabilities including downloading and uploading data, command execution, and more.
Malware with a remote shell gives the attacker unauthorized access to the command shell or terminal of a computer system. The key points are: command execution, RAT (remote access) functionality, communication with a command-and-control (C2) server operated by the attackers, privilege escalation, data exfiltration, and persistence.
Such an application can expose either a graphical user interface or a command-line interface.
MITRE ATT&CK framework
A malicious URL is associated with this sample's hash (shown defanged):
hxxps://auth[.]pxaltonet[.]org/
Implementing a multi-layered security approach built on security and monitoring tools such as firewalls, IDS, and EDR makes it possible to prevent such infections and to detect them early when they do occur.
Regularly update your security measures (OS, applications, malware signature databases) to keep pace with evolving threats.
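As an added example of the detection side of that layered approach (this is not code from the original page or from any vendor tool), the Python script below takes the single C2 URL published above, normalizes its defanged or backslash-escaped form back into a hostname, and scans DNS and proxy log lines for queries or requests to that host or any of its subdomains. The log format and the client IPs are constructed for this example; the only indicator taken from the page is the auth.pxaltonet.org domain.

```python
import re
from urllib.parse import urlparse

# Indicator from the page (the SpectralBlur C2 URL), kept in defanged form.
# Everything else in this script is constructed for the example.
IOC_URLS = ["hxxps://auth[.]pxaltonet[.]org/"]


def refang(ioc: str) -> str:
    """Turn common defanging (hxxp, [.], backslash escapes) back into a parseable URL."""
    s = ioc.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")
    s = s.replace("\\", "")  # strip markdown-style backslash escapes such as https\:\/\/
    s = re.sub(r"^hxxp", "http", s, flags=re.IGNORECASE)
    return s


def ioc_hostnames(iocs):
    """Extract the lowercase hostnames from a list of (possibly defanged) IoC URLs."""
    hosts = set()
    for ioc in iocs:
        host = (urlparse(refang(ioc)).hostname or "").lower().rstrip(".")
        if host:
            hosts.add(host)
    return hosts


def host_matches(host, blocklist):
    """True if host equals a blocklisted name or is a subdomain of one.

    The leading dot in the endswith check prevents 'notpxaltonet.org'
    from matching 'pxaltonet.org'.
    """
    host = host.lower().rstrip(".")
    return any(host == bad or host.endswith("." + bad) for bad in blocklist)


# Constructed log lines: a DNS resolver log and a web proxy log mixed in one file.
SAMPLE_LOGS = """\
2024-01-05T10:01:12Z dns client=10.0.0.21 query=auth.pxaltonet.org type=A
2024-01-05T10:01:13Z proxy client=10.0.0.21 method=POST url=https://auth.pxaltonet.org/ status=200
2024-01-05T10:02:40Z dns client=10.0.0.33 query=example.com type=A
2024-01-05T10:03:05Z proxy client=10.0.0.33 method=GET url=https://www.example.com/index.html status=200
2024-01-05T10:04:00Z dns client=10.0.0.21 query=cdn.auth.pxaltonet.org type=AAAA
"""

# Matches either a DNS query line (query=...) or a proxy line (url=...).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<kind>dns|proxy) client=(?P<client>\S+) "
    r".*?(?:query=(?P<query>\S+)|url=(?P<url>\S+))"
)


def scan_logs(text, iocs=IOC_URLS):
    """Return one hit record per log line that touches a blocklisted host."""
    blocklist = ioc_hostnames(iocs)
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        host = m.group("query") or (urlparse(m.group("url")).hostname or "")
        if host_matches(host, blocklist):
            hits.append({
                "ts": m.group("ts"),
                "client": m.group("client"),
                "kind": m.group("kind"),
                "host": host.lower(),
            })
    return hits


if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_LOGS):
        print(f"{hit['ts']} {hit['kind']:5} {hit['client']:12} -> {hit['host']}")
```

The subdomain match matters in practice: a DNS-level indicator should fire on cdn.auth.pxaltonet.org as well as on the exact host, and the same normalization lets the script consume indicators pasted straight from a report in whatever defanged style it uses.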