Security researchers have analyzed SpectralBlur, a newly identified macOS backdoor that shares similarities with KandyKorn, malware attributed to North Korean operators. The sample was first uploaded to VirusTotal in August 2023 and went unflagged by antivirus engines until it was examined recently. SpectralBlur offers the usual backdoor feature set: it manipulates files on the host, executes commands, and communicates with a command-and-control server over encrypted sockets, a trait it shares with KandyKorn, which has been used by the Lazarus group. The two backdoors overlap in functionality without being the same codebase, which suggests they were built separately by developers working from a similar set of requirements. Analysis by researchers Greg Lesnewich and Patrick Wardle also identified detection-evasion and file-deletion capabilities, consistent with tooling from Lazarus, the long-running North Korean state-backed hacking group. The discovery adds to a growing macOS threat landscape, with 21 new macOS malware families identified in 2023.
Read more: https://www.securityweek.com/new-spectralblur-macos-backdoor-linked-to-north-korea/