All samples covered in this post are available in our malware collection. …just make sure not to infect yourself!!

Printable
A printable (PDF) version of this report can be downloaded here: The Mac Malware of 2020.pdf

Background
Goodbye, and good riddance 2020 …and hello 2021!

In recent years, malicious programs targeting macOS have grown in prevalence (and sophistication), perhaps even reaching parity with Microsoft Windows platforms. This is well illustrated in Malwarebytes' "2020 State of Malware Report":

"And for the first time ever, Macs outpaced Windows PCs in number of threats detected per endpoint." -Malwarebytes

It is important to note that these statistics include both adware and potentially unwanted programs. And the reality is, if a Mac user is infected with malicious code, more than likely it will be adware (vs. …

"The vast majority of threats for macOS in … were in the AdWare category." -Kaspersky

However, it is wise not to underestimate the potential impact of adware upon its victims. The noted security researcher Thomas Reed articulates this well in a writeup titled "Mac adware is more sophisticated and dangerous than traditional Mac malware":

"However, adware and PUPs can actually be far more invasive and dangerous on the Mac than "real" malware. They can intercept and decrypt all network traffic, create hidden users with static passwords, make insecure changes to system settings, and generally dig their roots deep into the system so that it is incredibly challenging to eradicate completely." -Thomas Reed

…now, back to malware! For the fifth year in a row, I've decided to put together a blog post that aims to comprehensively cover all the new Mac malware that appeared during the course of the year. While the malware may have been reported on before (i.e. by the AV company that discovered it), this blog aims to cumulatively and comprehensively cover all the new Mac malware of 2020 in one place …yes, with samples of each malware for download, so that you can play along! #SharingIsCaring

I'd personally like to thank the following organizations, groups, and researchers for their work, analysis, & assistance! …and others who choose to remain unnamed.

Throughout this blog, we'll reference various tools used in analyzing the malware specimens:

- Our user-mode (open-source) utility that monitors process creations and terminations, providing detailed information about such events.
- Our user-mode (open-source) utility that monitors file events (such as creations, modifications, and deletions), providing detailed information about such events.
- Our (open-source) utility that displays code-signing information, via the UI.
- lldb: the de-facto command-line debugger for macOS. Installed (to /usr/bin/lldb) as part of Xcode.
- A "reverse engineering tool (for macOS) that lets you disassemble, decompile and debug your applications" …or malware specimens!

OSX.Dacls

Dacls is a macOS port of the cross-platform Dacls RAT (created by the Lazarus APT group), which affords a remote attacker complete control over an infected system.

Dacls was originally discovered in 2019, but at that time was only seen targeting Windows and Linux systems:

"Dacls is a RAT that was discovered by Qihoo 360 NetLab in December 2019 as a fully functional covert remote access Trojan targeting the Windows and Linux platforms." -Malwarebytes

…in 2020, MalwareBytes uncovered a macOS variant: "New Mac variant of Lazarus Dacls RAT distributed via Trojanized 2FA app".

Infection Vector: Trojanized (2FA) Application

MalwareBytes, who uncovered the Mac variant of OSX.Dacls, note that it was "…distributed via a Trojanized two-factor authentication application for macOS called MinaOTP". The trojanized application was (re)named TinkaOTP, and distributed via the disk image TinkaOTP.dmg.

…it is likely that the attackers relied on social engineering efforts, having to coerce macOS users into downloading and running the trojanized application.
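Before launching anything from a disk image like TinkaOTP.dmg, an analyst wants the static facts: what the bundle calls itself on disk versus in its Info.plist, whether the declared main executable exists and is really a Mach-O, and whether the bundle carries any code signature at all (the same questions our code-signing UI tool answers on a Mac). The following is an added example, not Objective-See's code and not derived from the OSX.Dacls sample; it runs on any OS using only the standard library. The bundle it triages is constructed inline, and its Info.plist values and bundle identifier (com.example.minaotp) are assumptions for the demo, not artifacts recovered from the real app.

```python
"""Static triage of a macOS .app bundle, runnable on any OS.

Added example for this post (not Objective-See code, not derived from the
OSX.Dacls sample). Collects the facts an analyst checks before ever running
an application shipped inside a suspicious DMG. The sample bundle built in
demo() is constructed; its plist contents and identifier are assumptions.
"""
import os
import plistlib
import tempfile

# On-disk Mach-O magics: 64-bit and 32-bit (little-endian on Apple hardware)
# and the universal/fat header (big-endian).
MACHO_MAGICS = (b"\xcf\xfa\xed\xfe", b"\xce\xfa\xed\xfe", b"\xca\xfe\xba\xbe")


def triage_bundle(app_path):
    """Return a dict of observations about the bundle at app_path."""
    app_path = app_path.rstrip("/")
    on_disk_name = os.path.basename(app_path)
    if on_disk_name.endswith(".app"):
        on_disk_name = on_disk_name[:-4]
    contents = os.path.join(app_path, "Contents")
    with open(os.path.join(contents, "Info.plist"), "rb") as fh:
        info = plistlib.load(fh)
    executable = info.get("CFBundleExecutable", "")
    exe_path = os.path.join(contents, "MacOS", executable)
    is_macho = False
    if os.path.isfile(exe_path):
        with open(exe_path, "rb") as fh:
            is_macho = fh.read(4) in MACHO_MAGICS
    return {
        "on_disk_name": on_disk_name,
        "bundle_name": info.get("CFBundleName", ""),
        "identifier": info.get("CFBundleIdentifier", ""),
        "executable": executable,
        "executable_present": os.path.isfile(exe_path),
        "executable_is_macho": is_macho,
        # Unsigned bundles have no _CodeSignature directory at all; when one
        # is present, codesign(1) on a Mac is still needed to verify it.
        "has_code_signature": os.path.isdir(os.path.join(contents, "_CodeSignature")),
    }


def flags(findings):
    """Turn observations into triage leads (leads, not verdicts)."""
    out = []
    if findings["on_disk_name"] != findings["bundle_name"]:
        out.append("name_mismatch")  # bundle renamed on disk (cf. TinkaOTP vs. MinaOTP)
    if not findings["has_code_signature"]:
        out.append("unsigned")
    if not findings["executable_present"]:
        out.append("executable_missing")
    elif not findings["executable_is_macho"]:
        out.append("executable_not_macho")
    return out


def build_sample_bundle(root, on_disk_name, bundle_name, identifier, signed):
    """Create a minimal constructed .app bundle for the demo; return its path."""
    app = os.path.join(root, on_disk_name + ".app")
    macos_dir = os.path.join(app, "Contents", "MacOS")
    os.makedirs(macos_dir)
    info = {
        "CFBundleName": bundle_name,
        "CFBundleExecutable": bundle_name,
        "CFBundleIdentifier": identifier,
        "CFBundlePackageType": "APPL",
    }
    with open(os.path.join(app, "Contents", "Info.plist"), "wb") as fh:
        plistlib.dump(info, fh)
    with open(os.path.join(macos_dir, bundle_name), "wb") as fh:
        fh.write(MACHO_MAGICS[0] + b"\x00" * 28)  # header stub only, no real code
    if signed:
        os.makedirs(os.path.join(app, "Contents", "_CodeSignature"))
    return app


def demo():
    """Triage a renamed, unsigned bundle next to a consistent, signed one."""
    with tempfile.TemporaryDirectory() as tmp:
        # Assumption for the demo: the renamed bundle still declares its
        # original name in Info.plist; the real sample's plist is not on the page.
        suspect = build_sample_bundle(tmp, "TinkaOTP", "MinaOTP", "com.example.minaotp", signed=False)
        clean = build_sample_bundle(tmp, "MinaOTP", "MinaOTP", "com.example.minaotp", signed=True)
        return triage_bundle(suspect), triage_bundle(clean)


if __name__ == "__main__":
    for label, findings in zip(("suspect", "clean"), demo()):
        print(label, findings, flags(findings))
```

A name mismatch on its own is only a lead (many legitimate apps use a CFBundleName that differs from the folder name), but combined with a missing _CodeSignature directory it is exactly the profile to take to the process and file monitors before running the sample in an isolated VM.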