SentinelOne
Image Credit: SentinelOne

ReaderUpdate Reforged | Melting Pot of macOS Malware Adds Go to Crystal, Nim and Rust Variants

  • ReaderUpdate is a macOS malware loader platform that has been observed since 2020 but largely unnoticed by vendors, delivering Genieo adware.
  • New variants in Crystal, Nim, Rust, and Go were identified, with SentinelOne linking them to ReaderUpdate infections.
  • The original ReaderUpdate binary is an x86 Mach-O weighing 5.63Mb, embedding a Python runtime and an obfuscated script.
  • The malware reaches out to C2 domains and delivers payloads like Genieo adware, sharing similarities with older samples.
  • ReaderUpdate variants exist in Python, Go, Crystal, Rust, and Nim, primarily targeting x86 Intel architecture.
  • These malware variants are commonly distributed through free software or trojanized utility apps, impacting older macOS versions.
  • The Go variant's technical breakdown reveals system information collection, C2 communication, and potential for executing remote commands.
  • Variant-specific sizes and SHA-1 hashes for the Python, Go, Crystal, Rust, and Nim versions of ReaderUpdate were provided.
  • The Go variant of ReaderUpdate is less common than the others, with only 9 identified samples linked to 7 unique domains.
  • Multiple domains and infrastructure connect different variants, showing an ongoing campaign for stealthy malware distribution.
