LightSpy macOS is part of a broader LightSpy surveillance framework targeting multiple platforms, with a modular core and plugins designed to exfiltrate a wide range of data and maintain control. The article analyzes the macOS implant chain, including initial …
Tag: MACOS
Summary: This post discusses the continuous scanning of PyPI packages for malware and the identification of a cluster of malicious packages. Threat Actor: Malicious software packages Victim: Python Package Index (PyPI) Key Point: DataDog has developed GuardDog, a tool that uses Semgrep and package…
Summary: A new Google Ads malvertising campaign is tricking users into downloading trojanized installers for the Arc web browser, infecting them with malware payloads. Threat Actor: Cybercriminals | Cybercriminals Victim: Users downloading the Arc web browser | Arc web browser Key Point: Cybercrimin…
Recently discovered on a popular cybersecurity forum, GhostHook v1.0 is an innovative file-less browser malware developed by Native-One. This new software stands out due to its unique spreading methods and versatility, posing significant risks across multiple platforms and browsers. Features of GhostHook v1.0: OS Compatibility: Windows, Android, Linux, macOS; Browser Compatibility:…
Summary: The content discusses new versions of Git that have been released to fix five vulnerabilities, including a critical one that allows remote code execution during a “clone” operation. Threat Actor: N/A Victim: N/A Key Point: New versions of Git have been released to address five vulnerabilit…
Summary: This content highlights the misuse of the client management tool Quick Assist by the threat actor Storm-1811 in social engineering attacks, targeting users for financial gain. Threat Actor: Storm-1811 | Storm-1811 Victim: Users targeted in social engineering attacks | Users targeted in soci…
Uptycs Threat Research Team uncovered a large-scale Log4j campaign that actively deploys XMRig miners across thousands of hosts. The operation exploits CVE-2021-44228 via crafted HTTP requests and JNDI lookups to fetch payloads and drop miner malware on target…
Summary: Adobe has released Patch Tuesday updates to address multiple code execution vulnerabilities in its products, including Adobe Acrobat and Reader software. Threat Actor: None identified. Victim: Adobe | Adobe Key Point: Adobe has fixed 35 security vulnerabilities in its Patch Tuesday updates…
Summary: This content discusses a cyber campaign conducted by Russian-speaking threat actors who used legitimate internet services to deploy various malware variants, posing challenges for tracking and defense against this type of threat. Threat Actor: Russian-speaking threat actors | Russian-speaki…
Summary: Apple has released security updates to fix a zero-day vulnerability in the Safari web browser that was exploited during the Pwn2Own Vancouver hacking competition. Threat Actor: Manfred Paul | Manfred Paul Victim: Apple | Apple Key Point: Apple has addressed a zero-day vulnerability (CVE-20…
Discover how Russian-speaking hackers leverage GitHub to host malware disguised as legitimate software. Explore the campaign, implications, and protection strategies.
Summary: Apple has backported security patches to older iPhones and iPads, fixing an iOS zero-day vulnerability that was actively exploited in attacks. Threat Actor: Unknown | Unknown Victim: Apple | Apple Key Point: Apple has addressed a memory corruption issue in its RTKit real-time operating sys…
Summary: This content discusses the features and updates of Nmap, a free and open-source tool used for network discovery and security auditing. Threat Actor: N/A Victim: N/A Key Point: Nmap is a valuable tool for network administrators as it helps with network inventory, managing service upgrade sch…
Summary: This content discusses a suspicious package called “requests-darwin-lite” found on PyPI, which is a fork of the popular “requests” package and contains a malicious Go binary disguised as the package’s logo. Threat Actor: Unknown | Unknown Victim: PyPI | PyPI Key Point: A suspicious package…
Cuckoo Stealer is a new macOS infostealer/spyware family that is expanding through trojanized apps and malicious installers. It combines XOR-based obfuscation, AppleScript abuse, and Launch Agent persistence to steal data while avoiding basic defenses. #Cuckoo…