The BlueNoroff hacking collective, linked to North Korea, has deployed the RustBucket macOS malware to steal cryptocurrency from users, according to security researchers at Jamf and Sekoia.io. RustBucket is a backdoored PDF reader that triggers malicious activity only when a specific PDF file is opened. The malware has been focused on revenue generation since 2015, and the group has been targeting cryptocurrency exchanges and related firms around the world while posing as Japanese financial institutions. The US Treasury Department has previously sanctioned BlueNoroff, which is part of North Korea’s extensive cyber warfare operations. In 2022, North Korea-linked hackers stole $1.7bn in cryptocurrency from various targets, four times the amount they stole in the previous year.