Tag: macOS Malware

“Activator” Alert: MacOS Malware Hides in Cracked Apps, Targeting Crypto Wallets
News


Users of Apple macOS have reported infections from cracked software carrying a previously unreported stealer malware that can retrieve wallet and system data. According to Kaspersky, which discovered the artifacts in the wild, the malware can infect Mac computers with both Intel and Apple silicon CPU architectures because it is made to target devices running macOS Ventura 13.6 and later. The attack chains use booby-trapped disk image (DMG) files that contain a program named "Activator" along with a pirated version of genuine software such as xScope. Users who open the DMG files are advised to move both files into the Applications folder ...

North Korean Hackers ‘Mixing’ macOS Malware Tactics to Evade Detection
News


Threat actors from North Korea have been observed "mixing and matching" components of two distinct attack chains, using RustBucket droppers to deliver KANDYKORN, one of the macOS malware strains they are responsible for. The research was conducted by cybersecurity firm SentinelOne, which also connected the RustBucket campaign to a third macOS-specific malware known as ObjCShellz. RustBucket is the name of an activity cluster associated with the Lazarus Group, wherein, upon viewing a specially crafted lure document, a backdoored version of a PDF reader app called SwiftLoader ...

North Korean Hackers Targeting Crypto Experts with KANDYKORN macOS Malware
News


Using a unique macOS malware known as KANDYKORN, state-sponsored threat actors from the Democratic People's Republic of Korea (DPRK) have been discovered using Discord to target blockchain engineers of an unidentified cryptocurrency exchange company. According to Elastic Security Labs, which cited an examination of the network architecture and methods employed, the activity, which dates back to April 2023, shows similarities with the notorious adversarial collective Lazarus Group. "In order to obtain first access to the environment, threat actors enticed blockchain engineers with a Python application," security experts Ricardo Ungureanu, Seth Goodwin, and Andrew Pease stated in a paper released today. This intrusion involved multiple complex stages that each employed deliberate ...

Mac Users Beware: Malvertising Campaign Spreads Atomic Stealer macOS Malware
News


An updated version of the Atomic Stealer (or AMOS) macOS stealer malware has been seen being distributed through a fresh malvertising operation, showing that its creator is still actively maintaining it. Atomic Stealer, a ready-made Golang malware that costs $1,000 a month, first came to light in April 2023. Soon after, other variants that targeted bitcoin users and gamers were discovered in the wild. These variants had an expanded set of information-gathering functions. Google Ads have been identified as the main distribution channel for the malicious advertisements, which are displayed to users who are looking for popular software on search engines, either legally or illegally, and which link to websites that host malicious installers ...