← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
North Korean-Linked macOS Malware Targets Cryptocurrency Sector with RustDoor and Koi Stealer
WHITE AlienVault 2025-02-26 Modified: 2025-03-28
25
IOCs
MEDIUM VOLUME
A recent campaign attributed to North Korean threat actors has been identified, targeting macOS users in the cryptocurrency industry. The attackers employ sophisticated social engineering techniques, posing as recruiters to lure job-seeking software developers into downloading malicious software. The malware suite includes "RustDoor," a Rust-based backdoor masquerading as legitimate software updates, and a previously undocumented macOS variant of "Koi Stealer," designed to exfiltrate sensitive information
koi stealerstudio helperrustdoor c2cryptocurrenciesmacosaptrust
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Koi Stealer
Indicators of Compromise (2 / 25 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain
TYPEINDICATORDESCRIPTIONCREATED
URL https://apple-ads-metric.com 2025-02-26
URL https://visualstudiomacupdate.com 2025-02-26
References (1)
↗ https://unit42.paloaltonetworks.com/macos-malware-targets-crypto-sector/