Beware of RustBucket New macOS Malware Disguised as PDF Viewer

How to Protect Your Apple Device from RustBucket Malware

A new malware variant targeting Apple devices is drawing attention across the cybersecurity world. Dubbed RustBucket, it poses as a macOS PDF viewer and can deliver stage-two malware to the target endpoints.

RustBucket New macOS Malware

RustBucket is a loader that delivers the stage-two malware to the target endpoint. The cybercriminals distribute RustBucket under the filename “Internal PDF Viewer.” While researchers did not discuss distribution channels, it’s believed that the malware is being sent via phishing emails and malicious websites.

The Three-Stage Attack

The RustBucket malware requires the victim to manually override the Gatekeeper protections to work. If the victim does that, they risk getting a second-stage payload, written in Objective-C. This second-stage payload delivers the final payload, which is a Mach-O executable written in Rust. This malware can run system reconnaissance commands.


The Clever PDF Viewer Technique

The PDF viewer technique used by the attackers is quite clever. In order to execute the malicious code within the application, not only do researchers need the stage-two malware, but they also require the correct PDF file that operates as a key. This technique makes it difficult to analyze and detect the malware.

The Threat Actor Behind the Campaign

The threat actor behind this campaign is called BlueNoroff, which is sometimes referred to as APT28, Nickel Gladstone, Sapphire Sleet, Stardust Chollima, or TA444. BlueNoroff is a part of the Lazarus Group, an infamous state-sponsored threat actor from North Korea. Lazarus is one of the world’s most well-known threat actors and is responsible for several high-profile attacks, including the Harmony bridge attack that occurred in June 2022, resulting in the theft of $100 million in various cryptocurrencies. The group was also behind an attack on the Ronin bridge earlier in 2022, in which they stole $625 million in various cryptocurrencies.

How to Protect Yourself

To protect yourself from the RustBucket malware and other similar threats, follow these tips:

1. Update your software regularly

Ensure your software is up-to-date, including your operating system, web browser, and other applications.

2. Install antivirus software

Use reliable antivirus software and keep it updated.

3. Be cautious of emails and websites

Be careful when opening emails and downloading attachments, and don’t click on suspicious links. Be cautious when visiting websites and only download software from reliable sources.

4. Use a firewall

Enable a firewall on your device to prevent unauthorized access.

5. Avoid manual overrides

Avoid manually overriding Gatekeeper protections on your device, and only install software from trusted sources.
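
A quick check for tip 5, as an added example that is not from the original article: it reads Gatekeeper's state with `spctl --status`, searches a directory tree for bundles matching the “Internal PDF Viewer” filename mentioned above, and reports Gatekeeper's verdict on each. Treating that filename as an `.app` bundle name, the helper function names, and the `--audit` switch are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the article): audit a Mac for the conditions described above.
# Assumption: the lure filename from the article appears as an .app bundle name.
LURE_PATTERN='Internal PDF Viewer*.app'

# Classify the text printed by `spctl --status`.
gatekeeper_state() {
  case "$1" in
    *"assessments enabled"*)  echo enabled ;;
    *"assessments disabled"*) echo disabled ;;
    *)                        echo unknown ;;
  esac
}

# Classify the text printed by `spctl --assess --type execute -v <app>`.
assessment_verdict() {
  case "$1" in
    *": accepted"*) echo accepted ;;
    *": rejected"*) echo rejected ;;
    *)              echo unknown ;;
  esac
}

# List bundles under directory $1 whose name matches the lure pattern.
find_lure_bundles() {
  find "$1" -maxdepth 4 -type d -iname "$LURE_PATTERN" 2>/dev/null
}

# Report Gatekeeper state, then the verdict for every matching bundle.
audit() {
  state=$(gatekeeper_state "$(spctl --status 2>&1)")
  echo "Gatekeeper: $state"
  [ "$state" = enabled ] || echo "WARNING: Gatekeeper is not enforcing assessments"
  find_lure_bundles "$1" | while IFS= read -r app; do
    out=$(spctl --assess --type execute -v "$app" 2>&1)
    echo "FOUND: $app (Gatekeeper verdict: $(assessment_verdict "$out"))"
  done
}

# Run only when asked, e.g.: sh audit.sh --audit "$HOME"
if [ "${1:-}" = "--audit" ]; then
  audit "${2:-$HOME}"
fi
```

A bundle reported as `rejected` that is nonetheless present and has been run points to a manual override and warrants investigation.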


The RustBucket malware targeting Apple devices is a serious threat, and it’s important to take steps to protect yourself. Follow the tips outlined above and stay vigilant when opening emails and visiting websites. By taking these steps, you can help to keep your device and personal information safe from cybercriminals.


TechBeams Team is a team of seasoned technology writers with several years of experience in the field. The team has a passion for exploring the latest trends and developments in the tech industry and sharing their insights with readers. With a background in Information Technology, TechBeams Team brings a unique perspective to their writing and is always looking for ways to make complex concepts accessible to a broad audience.
