New ‘SpectralBlur’ macOS Backdoor Related to North Korea


A group of security researchers has conducted an in-depth analysis of SpectralBlur, a novel backdoor for macOS that appears to be associated with the KandyKorn malware family, which was recently attributed to North Korea.

The researchers became aware of the SpectralBlur sample in the past week; it had first been uploaded to VirusTotal in August 2023 but went undetected by antivirus engines. Threat researcher Greg Lesnewich was the first to dissect the malware and found that it contained capabilities typically associated with backdoors: shell command execution, sleep/hibernate, file upload and download, and file deletion.

Lesnewich compared the backdoor to KandyKorn, a macOS backdoor that Lazarus had been observed using in recent attacks.

Read More: New ‘SpectralBlur’ macOS Backdoor Linked to North Korea
