On 3 January 2024, security researcher Greg Lesnewich reported new activities linked to the SpectralBlur backdoor—a recently identified threat that targets macOS and shares significant similarities with KandyKorn. The latter is a trojan attributed to the DPRK-linked Bluenoroff, a sub-unit of the Lazarus Group.
KandyKorn, and likely now SpectralBlur, are being leveraged in the RustBucket campaign, a broad and long-running threat targeting various business sectors and individuals, particularly those involved with cryptocurrency exchanges and venture capital.
Based on Mr. Lesnewich's report, the backdoor is "moderately capable", with the ability to "upload/download files, run a shell, update its configuration, delete files, hibernate or sleep, based on commands issued from the C2."