
Cybersecurity researchers have stumbled upon yet another malware variant for macOS likely built by the notorious North Korean Lazarus group.

The ID has since been revoked.


RustyAttr was found abusing extended attributes for macOS, the researchers claim.

In this case, the extended attribute (EA) was named "test" and carried a shell script.

When the malware runs, it loads a website with a piece of JavaScript.

This JavaScript, called preload.js, pulls content from "test", which seems to be a location.

This location is then sent to the run_command function, where the shell script executes it.
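For defenders, the chain above suggests a simple hunt: list each file's extended attributes and flag any whose value reads like a shell script. The sketch below is an added example, not code from the researchers or from the malware; the marker regex, the 90% printable-text threshold and the sample values are assumptions, and `read_attrs` relies on the macOS `xattr` command.

```python
import re
import subprocess
import sys

# Heuristic markers of shell content (an assumption for this sketch; tune for your fleet).
SHELL_MARKERS = re.compile(
    rb"^#!\s*/|\b(?:curl|wget|osascript|bash|zsh)\b|/bin/sh\b", re.MULTILINE)

def looks_like_text(value, threshold=0.9):
    """True if at least `threshold` of the bytes are printable ASCII or whitespace."""
    if not value:
        return False
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in value)
    return printable / len(value) >= threshold

def suspicious_attrs(attrs):
    """attrs maps EA name -> raw bytes; return sorted names whose value reads like a script."""
    return sorted(name for name, value in attrs.items()
                  if looks_like_text(value) and SHELL_MARKERS.search(value))

def read_attrs(path):
    """Collect a file's EAs with the macOS `xattr` CLI (macOS only)."""
    run = lambda *args: subprocess.run(["xattr", *args, path], capture_output=True,
                                       text=True, check=True).stdout
    # `xattr <file>` lists names; `-px` prints one value as hex bytes.
    return {name: bytes.fromhex("".join(run("-px", name).split()))
            for name in run().splitlines()}

# Constructed sample: "test" is the EA name from the article, the values are made up.
SAMPLE = {
    "com.apple.quarantine": b"0081;00000000;Safari;",
    "test": b"#!/bin/sh\necho constructed-sample\n",
    "user.note": b"quarterly report draft",
}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            print(path, suspicious_attrs(read_attrs(path)))
    else:
        print(suspicious_attrs(SAMPLE))
```

Run without arguments it checks the constructed sample; on a Mac, pass file or app-bundle binary paths to inspect their real attributes.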

Via BleepingComputer
