Pulse: North Korean-Linked macOS Malware Targets Cryptocurrency Sector with RustDoor and Koi Stealer
TLP: WHITE | Author: AlienVault | Created: 2025-02-26 | Modified: 2025-03-28 | 25 IOCs
A recent campaign attributed to North Korean threat actors has been identified targeting macOS users in the cryptocurrency industry. The attackers rely on social engineering, posing as recruiters to lure job-seeking software developers into downloading malicious software. The malware suite includes "RustDoor," a Rust-based backdoor that masquerades as a legitimate software update, and a previously undocumented macOS variant of "Koi Stealer," designed to exfiltrate sensitive information.
MITRE ATT&CK & Malware Families
ATT&CK techniques: (none listed on the pulse)
Malware families: Koi Stealer
Indicators of Compromise (3 / 25 total)
TYPE          INDICATOR                          DESCRIPTION                                                               CREATED
FileHash-MD5  457b0b1ab814a830ee2f658eb501face   MD5 of 76f96a35b6f638eed779dc127f29a5b537ffc3bb7accc2c9bfab5a2120ea6bc9  2025-02-26
FileHash-MD5  701165265b73f90942b7000ba39cfe5c   MD5 of baa676b671e771bf04b245e648f49516b338e1f49cbd9b4d237cc36d57ab858d  2025-02-26
FileHash-MD5  d2da2dc24f73f66f3fbe62784262378b   MD5 of a900ec81363358ef26bcdf7827f6091af44c3f1001bc8f52b766c9569b56faa5  2025-02-26