BlueNoroff APT Group Targets macOS Users With New RustBucket Malware

A security company reported that BlueNoroff (a subgroup of Lazarus APT) has introduced a new macOS malware strain it is calling RustBucket. The malware allows attackers to download and execute various payloads. For the first-stage infection, the malware arrives packaged as an unsigned application, whereas it masquerades as a legitimate Apple bundle identifier during the second stage that is signed with an ad-hoc signature.