Cuckoo employs deceptive tactics, claiming to convert Spotify music to MP3 format while actually stealing sensitive data like passwords, browsing history, cryptocurrency wallet details, and more…
Tag: MACOS
Apple expanded XProtect with 74 new rules in v2192 and 10 more in v2193 to disrupt Adload, but the adware quickly pivoted to evade the updates. The article analyzes a Go-based Adload variant that bypasses XProtect and outlines observed indicators of compromise…
Cuckoo is a newly observed macOS Mach-O malware that blends spyware with infostealer capabilities, distributed via a malicious version of DumpMedia Spotify Music Converter and related tools. It uses heavy stealth techniques, including XOR-encoded strings, app …
LightSpy, long seen as iOS malware, has a newly documented macOS variant that targets macOS devices via a dropper that loads a series of dylibs and multiple plugins. The macOS implant uses a plugin manifest, AES-encrypted configuration, and WebSocket-based C2 …
Phylum reports a renewed North Korean operation leveraging npm to publish trojanized packages that execute code during installation. The latest variant widens targets beyond Windows to macOS and Linux using obfuscated scripts and a download-and-execute payload…
Summary: Microsoft has reported that North Korea-linked state-sponsored cyber actors are using artificial intelligence (AI) to enhance their operations, including spear-phishing efforts and reconnaissance on organizations focused on North Korea. Threat Actor: North Korea-linked state-sponsored cyber…
Summary: Threat actors are exploiting a flaw in GitHub’s file upload feature to distribute malware through URLs associated with Microsoft repositories, making the files appear trustworthy. Threat Actor: Unknown threat actors Victim: Users accessing Microsoft GitHub repositories Key Point: Threat ac…
ThreatDown researchers track a long-running FakeBat malvertising operation that now targets VMware users via Google search ads to deliver Windows and Mac info stealers. The attack chain relies on cloaking, traffic redirection, decoy sites, and signed installer…
Pupy is a RAT malware strain that offers cross-platform support. Because it is an open-source program published on GitHub, it is continuously being used by various threat actors including APT groups. For example, it is known to have been used by APT35 (said to have ties to Iran) [1] and was…
Summary: This article discusses two sub-techniques that have been exploited by North Korean threat actors: TCC manipulation on Apple’s macOS and “phantom” DLL hijacking on Windows. These techniques allow hackers to gain privileged access and perform espionage activities. Threat Actor: North Korean t…
Insikt Group reveals a Russian-language cybercrime operation leveraging counterfeit Web3 gaming projects to deploy malware targeting macOS and Windows users for data theft.
Hihi 😁! In this blog post, we’ll explore the functionality, features, and advantages of Incinerator, an advanced Android reverse engineering suite inspired by the success of Shambles. Our mission is straightforward: we want an advanced hassle-free solution to reverse Android applications, especially…
macOS has been gaining the unwanted attention of more and more backdoor operators since late 2023. In February 2024, Bitdefender uncovered RustDoor, which was written in Rust and possibly has ties to the operators of a Windows ransomware.
Jamf Threat Labs analyzed two macOS infostealer campaigns: an Atomic Stealer variant delivered via poisoned sponsored ads mimicking Arc Browser, and a malicious MeetHub application bundling a Rust-based stealer and chainbreaker to dump keychain and wallet data…
A macOS stealer has been found camouflaged inside a partially obfuscated AppleScript and Bash payload delivered via a DMG trojan. The campaign uses phishing, masquerading as legitimate apps, and memory-based execution to steal credentials and sensitive data. #…