macOS Malware 2023 | A Deep Dive into Emerging Trends and Evolving Techniques
2023-10-16 • SentinelOne
SentinelOne's macOS malware review includes the DPRK-linked RustBucket campaign as an example of targeted social engineering against organizations that use Apple systems. The campaign used a business-deal pretext and "confidential" PDF documents to push victims into installing an "Internal PDF Viewer" application, bypassing macOS protections, and running attacker-controlled software. The viewer displayed the expected document while, in the background, it downloaded and executed malware from the attackers' command-and-control (C2) infrastructure. The broader source contrasts these targeted operations with commodity Mac infostealers and notes that attackers focused on businesses increasingly rely on tailored lures and trojanized applications rather than simple mass distribution.