BlueNoroff strikes again with new macOS malware

2023-11-07 Jamf

https://www.jamf.com/blog/bluenoroff-strikes-again-with-new-macos-malware/


Jamf Threat Labs attributed a new macOS later-stage malware sample, tracked as ObjCShellz, to BlueNoroff activity overlapping the RustBucket campaign. The Mach-O universal binary named ProcessRequest contacted swissborg[.]blog, a domain resembling cryptocurrency-brand infrastructure, and Jamf observed the domain resolving to 104.168.214[.]151 before the server went offline. The Objective-C malware periodically sent host and macOS version data to hxxp://swissborg[.]blog/zxcv/bnm, then used server responses as shell commands executed through system(). Jamf assesses the tool as a simple remote shell likely deployed after social-engineering access against financially motivated targets such as cryptocurrency exchanges, venture-capital firms, and banks.

Indicators of Compromise

Type    Value                              First Seen  Last Seen
IPv4    104.168.214.151                    2023-11-07  2025-10-28
HASH    79337ccda23c67f8cfd9f43a6d3cf05…   2023-11-07  2023-11-27
URL     http://swissborg.blog/zxcv/bnm     2023-11-07  2023-11-27
DOMAIN  swissborg.blog                     2023-11-07  2023-11-27
DOMAIN  swissborg.com                      2023-11-07  2023-11-13
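The beacon-and-execute loop described above (host data sent to a fixed URL, server response run through system()) leaves its clearest trace in egress telemetry: DNS lookups for the C2 domain and HTTP requests to the beacon path. The script below is an added example, not Jamf's code or part of the report; it scans constructed proxy and DNS log lines (the formats are assumptions, not any real product's format) for the network indicators listed in the table and returns a hit record per matching line.

```python
"""Added example: match egress log lines against the ObjCShellz network IoCs."""
import re
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Indicators from the report's IoC table (defanging reversed so they match raw logs).
IOC_DOMAINS = {"swissborg.blog", "swissborg.com"}
IOC_IPS = {"104.168.214.151"}
IOC_URL = "http://swissborg.blog/zxcv/bnm"   # the beacon URL the implant polls

# Constructed sample lines (not real telemetry). Two assumed formats:
#   proxy: "<ts> <src_ip> <method> <url> <status>"
#   dns:   "<ts> <src_ip> query <qname> A <answer_ip>"
SAMPLE_LOGS = [
    "2023-11-07T10:01:02Z 10.0.0.12 GET http://swissborg.blog/zxcv/bnm 200",
    "2023-11-07T10:01:05Z 10.0.0.12 GET https://example.org/index.html 200",
    "2023-11-07T10:02:00Z 10.0.0.20 query swissborg.blog A 104.168.214.151",
    "2023-11-07T10:02:01Z 10.0.0.20 query updates.example.net A 93.184.216.34",
    "2023-11-07T10:03:00Z 10.0.0.31 POST http://swissborg.com/login 302",
]

PROXY_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>GET|POST|PUT) (?P<url>\S+) (?P<status>\d+)$"
)
DNS_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) query (?P<qname>\S+) A (?P<answer>\S+)$")


def _record(ts: str, src: str, indicator: str, hits: List[str]) -> Dict[str, str]:
    return {"ts": ts, "src": src, "indicator": indicator, "types": ",".join(hits)}


def match_line(line: str) -> Optional[Dict[str, str]]:
    """Return a hit record if the line touches any indicator, else None."""
    m = PROXY_RE.match(line)
    if m:
        host = (urlsplit(m["url"]).hostname or "").lower()
        hits = []
        if m["url"].lower() == IOC_URL:
            hits.append("url")        # exact beacon URL: strongest signal
        if host in IOC_DOMAINS:
            hits.append("domain")     # any contact with the C2 domains
        if host in IOC_IPS:
            hits.append("ipv4")       # direct-to-IP contact with the C2 host
        return _record(m["ts"], m["src"], host, hits) if hits else None

    m = DNS_RE.match(line)
    if m:
        qname = m["qname"].lower().rstrip(".")
        hits = []
        if qname in IOC_DOMAINS:
            hits.append("domain")     # resolution attempt for the C2 domain
        if m["answer"] in IOC_IPS:
            hits.append("ipv4")       # answer points at the known C2 address
        return _record(m["ts"], m["src"], qname, hits) if hits else None

    return None                       # unparseable line: ignored, not flagged


def scan(lines: List[str]) -> List[Dict[str, str]]:
    """Scan every line and keep only the hits, preserving log order."""
    return [hit for hit in map(match_line, lines) if hit]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print(f'{hit["ts"]} {hit["src"]} -> {hit["indicator"]} [{hit["types"]}]')
```

The IP indicator deserves the least weight on its own: the report notes the domain resolved to 104.168.214.151 only until the server went offline, so a bare address hit outside the table's first/last-seen window is a prompt to pivot on the source host, not a conclusion by itself. The URL path and the domains are the indicators to alert on directly.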
