NukeSped malware a dud, thanks to Jamf Protect

Security, Jamf Threat Labs

Jamf protects against the most recent findings on Lazerous Group malware targeting macOS. CISA recently posted findings on a handful of malicious applications they refer to as TraderTraitor and many vendors detect as NukeSped malware.

Threat: NukeSped

Affects: The Cybersecurity & Infrastructure Security Agency documented findings that the threat actor most commonly known as Lazarus Group has been targeting companies involved in blockchain and cryptocurrency technologies, as well as the heavy users of these technologies. The actors would install macOS malware on systems by socially engineering users to run their trojanized cryptocurrency applications.

Prevented by: Jamf Protect threat prevention blocks the execution of the malicious executables of this malware.

IOCs: SHA1 Hashes d2a77c31c3e169bec655068e96cf4e7fc52e77b8 - Macho Executable 48a6d5141e25b6c63ad8da20b954b56afe589031 - Macho Executable 41f855b54bf3db621b340b7c59722fb493ba39a5 - Macho Executable b2d9ca7b6d1bbbe4864ea11dfca343b7e15597d8 - DMG f1606d4d374d7e2ba756bdd4df9b780748f6dc98 - DMG 8e67006585e49f51db96604487138e688df732d3 - Zip ae9f4e39c576555faadee136c6c3b2d358ad90b9 - DMG

Malicious Domains (as published by CISA): Domains and IPs dafom[.]dev 45.14.227[.]58 tokenais[.]com 199.188.103[.]115 cryptais[.]com 82.102.31.14 alticgo[.]com 108.170.55[.]202 esilet[.]com 104.168.98[.]156 creaideck[.]com 38.132.124[.]161 aideck[.]net 89.45.4[.]151 greenvideo[.]nl (likely legitimate but compromised) 62.84.240[.]140 (likely legitimate but compromised) dafnefonseca[.]com (likely legitimate but compromised) 151.101.64[.]119 (likely legitimate but compromised) haciendadeclarevot[.]com (likely legitimate but compromised) 185.66.41[.]17 (likely legitimate but compromised) sche-eg[.]org (likely legitimate but compromised) 160.153.235[.]20 (likely legitimate but compromised) www.vinoymas[.]ch (likely legitimate but compromised) 46.16.62[.]238 (likely legitimate but compromised) infodigitalnew[.]com (likely legitimate but compromised) 107.154.160[.]132 (likely legitimate but compromised)

Don't let bad actors blowup your organization's productivity!

Contact Jamf to implement Jamf Protect to shield your endpoints from explosive malware today.

Request Trial

Jamf Threat Labs

Jamf

Jamf Threat Labs is a global team of experienced threat researchers, cybersecurity experts and data scientists with skills that span penetration testing, network monitoring, malware research and app risk assessment. Jamf Threat Labs primarily monitors and explores emerging threats affecting Mac and mobile devices. The team’s research is published with the aim of raising awareness of specific threats while also improving awareness and advocacy of security practices to protect the modern workforce.

Previous Blog Post:
Prev
Jamf protects against oRAT malware Blog Homepage
Next Blog Post:
Next
When small- and medium-sized businesses must go beyond MDM

Related Resources

Subscribe to the Jamf Blog

Have market trends, Apple updates and Jamf news delivered directly to your inbox.

Email Address (Work)

To learn more about how we collect, use, disclose, transfer, and store your information, please visit our Privacy Policy.

NukeSped malware a dud, thanks to Jamf Protect

Don't let bad actors blowup your organization's productivity!

Jamf Threat Labs research findings on cyber-warfare between Russia and Ukraine

What is Jamf Threat Labs?

Jamf Protect overview