North Korean threat actor, BlueNoroff, is suspected of being behind a new Apple macOS malware strain called RustBucket. The malware communicates with command and control (C2) servers to download and execute various payloads. This attack comes off a busy period of attacks orchestrated by the Lazarus Group aimed at organisations across countries and industry verticals for collecting strategic intelligence and performing cryptocurrency theft. The RustBucket malware identifies as an "Internal PDF Viewer" application to activate the infection, and it relies on the victim manually overriding Gatekeeper protections. The development is a sign that threat actors are adapting their toolsets to accommodate cross-platform malware by using programming languages like Go and Rust.