Two sentences summarizing the article: ReversingLabs details a malicious npm package masquerading as Material Tailwind that installs via a postinstall script to download a password-protected ZIP containing a Windows executable. The campaign employs obfuscated …
Tag: MACOS
IronDefense documented a unique Black Hat NOC environment where real malware activity and classroom demos co-exist, revealing notable infections like SHARPEXT, Shlayer, and NetSupport RAT. The findings highlight the challenges of defending a highly segmented, …
XCSSET, a macOS malware family, updated in 2022 to adapt to macOS Monterey and to prepare for a future without Python by removing Python-based components and shifting toward SHC-compiled droppers and run-only AppleScripts. The analysis outlines infection refin…
Iron Tiger’s operation against Mimi chat installers shows a supply chain compromise delivering HyperBro on Windows and rshell on macOS/Linux across multiple targets. The campaign spans three major platforms, uses code obfuscation, and establishes C2 communicat…
CloudMensis is a macOS backdoor that spies on victims by exfiltrating documents, keystrokes, and screen captures, and communicates with its operators exclusively via public cloud storage services. It uses a two-stage architecture where the first stage download…
SeaFlower is a highly sophisticated intrusion set that targets web3 wallets by delivering backdoored iOS/Android apps, injecting covert code to exfiltrate seed phrases and balances. It uses provisioning-based sideloading, dylib injections, React Native bundle …
LuoYu is a China-focused threat actor active since 2008, known for malware families SpyDealer, Demsty and WinDealer that target Windows, Linux, macOS and Android. A standout development is WinDealer’s man-on-the-side capability, delivered via several novel dis…
Sonatype researchers detected a malicious Python package named “pymafka” on PyPI that typosquats the popular library PyKafka and delivers a Cobalt Strike beacon across Windows, macOS, and Linux. The package downloads platform-specific payloads from external IP…
CrateDepression is a Rust crate supply-chain attack targeting Rust developers and GitLab CI pipelines, using a typosquatted dependency (rustdecimal) to drop a second-stage Go-based payload built on Mythic Poseidon. The campaign could enable larger-scale supply…
ESET analyzes a watering-hole campaign that delivers a new macOS backdoor named DazzleSpy via a WebKit/Safari exploit chain. Targets were Hong Kong pro-democracy individuals, with infection hosted on amnestyhk.org and other compromised sites like fightforhk.co…
Specialists of the Russian company Dr Web found malicious software that threatens the MacOS operating system, which allows attackers to download and execute any Python code on the user’s device. In addition, sites distributing this malware also infected Windows users with a dangerous spyware Trojan….