Summary: Security researchers from Hunt.io have identified a cyber operation utilizing the Sliver command-and-control framework and Ligolo-ng tunneling tool, targeting victims by impersonating Y Combinator. The operation highlights the evolving tactics of cybercriminals leveraging trusted brands to…
Tag: MACOS
Summary: Researchers at Group-IB have uncovered a new stealth technique used by the North Korean APT group Lazarus, which targets macOS systems through a code-smuggling method that utilizes custom extended attributes to evade antivirus detection. This method involves the deployment of a Trojan named…
Summary: Zoom has addressed six vulnerabilities in its video conferencing platform, including two high-severity issues that could allow remote attackers to escalate privileges or leak sensitive information. The vulnerabilities affect various Zoom applications and require updates to mitigate risks. T…
Summary: Security researcher Ron Masas from Imperva Threat Research has revealed a new method for attackers to exploit Chrome users via the File System Access API, which can bypass security mechanisms on both Windows and macOS. This exploit can lead to severe security vulnerabilities, particularly f…
Summary: North Korean threat actors are targeting macOS systems with trojanized applications disguised as Notepad and Minesweeper games, leveraging a legitimate Apple developer ID to bypass security checks. The campaign appears to be an experimental effort to test methods for evading macOS security…
Jamf Threat Labs has identified malware samples linked to North Korea, utilizing Flutter for obfuscation. The malware, discovered in late October, includes applications that were signed and temporarily passed Apple’s notarization. The analysis reveals complex …
SentinelLabs describes the “Hidden Risk” campaign, a suspected BlueNoroff (DPRK) operation that uses phishing emails and a fake PDF lure to distribute multi-stage macOS malware. The attack installs a backdoor named “growth” and achieves stealthy persistence by…
This article discusses vulnerabilities in the macOS system daemons diskarbitrationd and storagekitd, specifically CVE-2024-44175, which allows attackers to bypass security measures. The findings, revealed by the Kandji team’s Threat Research group, focus on ho…
Researchers uncovered a malicious npm package, “jest-fet-mock,” that uses Ethereum smart contracts as a decentralized command-and-control mechanism to distribute multi-platform malware via typosquatting. The package executes during npm installation, targets de…
ClickFix is a social-engineering tactic that lures users with fake web pages (e.g., Google Meet or fake CAPTCHAs) to copy and execute PowerShell or mshta commands that download and run payloads like Amos Stealer on Windows and macOS. Observed since May 2024 an…
Summary: Cybersecurity researchers have identified six vulnerabilities in the Ollama AI framework that could be exploited for various malicious activities, including denial-of-service attacks, model poisoning, and model theft. These vulnerabilities pose significant risks, particularly as many instan…
North Korean actors used the Contagious Interview and WageMole campaigns to obtain remote jobs and steal sensitive data from developers by delivering obfuscated JavaScript and Python payloads. Their toolset (BeaverTail and InvisibleFerret) now supports Windows…
Summary: Researchers have uncovered an advanced version of the LightSpy spyware targeting Apple iOS, which not only enhances its data-capturing capabilities but also introduces destructive features that can render devices inoperable. This modular implant exploits known vulnerabilities in iOS and mac…
Summary: The Socket research team has uncovered a sophisticated malware campaign utilizing Ethereum smart contracts for command and control, marking a significant evolution in supply chain attacks targeting the npm ecosystem. This innovative approach makes tra…
Summary: In October 2024, a significant npm malware campaign was uncovered, utilizing Ethereum smart contracts for decentralized control and evading detection. The threat actor, known as “_lain,” orchestrated a botnet named “MisakaNetwork,” exploiting typosqua…