In this article, we’ll delve into the world of designing and developing malware for macOS, which is essentially a Unix-based operating system. We’ll take a classic approach to exploring Apple’s internals. All you need is a basic understanding of exploitation, along with knowledge of C and Python programming, as well as…
Tag: MACOS
A Chinese advanced persistent threat (APT) actor tracked as Evasive Panda has been observed targeting Tibetans in watering hole and supply chain attacks, cybersecurity firm ESET reports. Also referred to as Bronze Highland and Daggerfly, Evasive Panda has been active since at least 2012, historicall…
Cisco on Wednesday announced patches for two high-severity vulnerabilities in Secure Client, the enterprise VPN application that also incorporates security and monitoring capabilities. The first issue, tracked as CVE-2024-20337, impacts the Linux, macOS, and Windows versions of Secure Client and cou…
The China-linked threat actor known as Evasive Panda orchestrated both watering hole and supply chain attacks targeting Tibetan users at least since September 2023.
The goal of the attacks is to deliver malicious downloaders for Windows and macOS that deploy a known backdoor called MgBot and a previously undocumented Windows implant known as Nightdoor.
The findings come from ESET, which
ESET researchers uncover strategic web compromise and supply-chain attacks targeting Tibetans
Sekoia.io analysis describes updates to NoName057(16)’s Project DDoSia tooling: multi-architecture binaries (Windows, Linux, macOS, FreeBSD, ARM, x86) and a new encrypted POST-based C2 protocol that reports per-host metadata and a GUID derived from the Windows…
This Wireshark tutorial guides the reader in exporting different packet capture objects. It builds on a foundation of malware traffic analysis skills.
The post Wireshark Tutorial: Exporting Objects From a Pcap appeared first on Unit 42….
Internal documents from I-Soon show the company focuses more on processing and analyzing stolen data than on developing novel exploits, delivering analyst-facing platforms that use deep learning to classify and extract intelligence. Their offensive toolset rel…
A scam campaign uses calendar-link phishing via Calendly to deliver macOS malware, with attackers posing as crypto investors to lure victims into a video call. The delivered AppleScript trojan is linked to North Korean threat actors BlueNoroff and Lazarus, and…
Here at Bitdefender, we’re constantly working on improving detection capabilities for our macOS cyber-security products; part of this effort involves revisiting old (or digging up new) samples from our malware zoo. During routine verifications, we were able to isolate multiple suspicious and undetected macOS disk image files, surprisingly small for files of this kind (1.3 MB per file). A short look into the code revealed that these files are significantly similar to other samples analysed in the
Earth Lusca used a geopolitical-themed lure timed around the Taiwanese election to deliver a multi-stage infection that culminated in a Cobalt Strike payload communicating with C2 domains such as updateservice[.]store and Cybereason[.]xyz. The campaign employe…
An in-depth look at a PyRation-family malware variant analyzed by StratosphereIPS, focusing on a Windows Python-based client–bot architecture and capabilities such as screen capture, keylogging, AV detection, anonymous browsing, and remote command execution. T…
RustDoor (macOS) and GateDoor (Windows) are a cross‑platform pair of malware disguised as legitimate updates or utilities, with RustDoor acting as a backdoor and GateDoor as a loader. They share overlapping C2 infrastructure linked to ShadowSyndicate, and empl…
Volexity details CharmingCypress campaigns that use highly targeted spear-phishing and a fake webinar portal to force installation of malware-laden VPN clients, leading to Windows backdoors (POWERLESS, BASICSTAR) and a macOS backdoor (NOKNOK). The report descr…
BlueShell is a Go-based backdoor used against Linux systems in Korea and Thailand, with a threat actor customizing and deploying it via a dropper that loads the malware into memory. The campaign features environment-variable-configured C2 data, TLS-enabled C2 …