top of page
  • Clipeus

SpectralBlur: Bluenoroff-Linked MacOS Backdoor

On 3 January 2024, security researcher Greg Lesnewich reported new activities linked to the SpectralBlur backdoor—a recently identified threat that targets macOS and shares significant similarities with KandyKorn. The latter is a trojan attributed to the DPRK-linked Bluenoroff, a sub-unit of the Lazarus Group.

KandyKorn, and likely now SpectralBlur, is being leveraged in the RustBucket campaign, a broad and long-lasting threat targeting various business sectors and individuals, particularly those involved with cryptocurrency exchanges and venture capital.

Based on Mr. Lesnewich's report, the backdoor is a "moderately capable" with ability to "upload/download files, run a shell, update its configuration, delete files, hibernate or sleep, based on commands issued from the C2."


Commenting has been turned off.

If you are interested in specifics or additional insights on the threats above or any other threat, please visit our dedicated service page or reach out to with your inquiry. We would be glad to assist you

bottom of page