The North Korean threat actors behind macOS malware strains such as RustBucket and KANDYKORN have been observed "mixing and matching" different elements of the two disparate attack chains, leveraging RustBucket droppers to deliver KANDYKORN.
The findings come from cybersecurity firm SentinelOne, which also tied a third macOS-specific malware called ObjCShellz to the RustBucket campaign.