In June 2024, Kaspersky discovered a macOS version of the HZ Rat backdoor targeting users of the enterprise messenger DingTalk and the social network and messaging platform WeChat.
The samples Kaspersky found almost exactly replicate the functionality of the Windows version of the backdoor and differ only in the payload, which is received in the form of shell scripts from the attackers’ server. The researchers noticed that some versions of the backdoor use local IP addresses to connect to C2, which led us to believe the threat may be targeted. This also points to an intention to exploit the backdoor for lateral movement through the victim’s network.
Read more…
Source: Kaspersky
Related:
- Self-Propagating Malware Spreading Via WhatsApp, Targets Brazilian Users
October 3, 2025
Trend Research is currently investigating an aggressive malware campaign that leverages online instant messaging platform WhatsApp as its primary infection vector. Unlike traditional attacks focused on theft or ransomware, this campaign is engineered for speed and propagation, abusing social trust and automation to spread among Windows users. Trend Research analysis identifies the campaign as SORVEPOTEL, and ...
- Cavalry Werewolf raids Russia’s public sector with trusted relationship attacks
October 2, 2025
BI.ZONE Threat Intelligence recorded Cavalry Werewolf activity from May to August 2025. In order to gain initial access, the attackers sent out targeted phishing emails disguising them as official correspondence from Kyrgyz government officials. The main targets of the attacks were Russian state agencies, as well as energy, mining, and manufacturing enterprises. Cavalry Werewolf relied ...
- Confucius Espionage: From Stealer to Backdoor
October 2, 2025
The Confucius group is a long-running cyber-espionage actor operating primarily across South Asia. First identified in 2013, the group is believed to have links to state-sponsored operations in the region. Over the past decade, Confucius has repeatedly targeted government agencies, military organizations, defense contractors, and critical industries—especially in Pakistan—using spear-phishing and malicious documents as initial access ...
- US Air Force admits SharePoint privacy issue as reports trickle out of possible breach
October 1, 2025
The US Air Force is reportedly investigating a potential data breach caused by a Microsoft SharePoint issue. A report from The Register revealed the Air Force Personnel Center Directorate of Technology and Information issued a data breach notification shared on social media. “This message is to inform you of a critical Personally Identifiable Information (PII) and ...
- This new phishing kit turns PDF files into malware
October 1, 2025
A new PDF phishing kit is being sold on the dark web, promising customers advanced features, a simple interface, and competitive pricing, experts have warned. Security researchers from Varonis spotted MatrixPDF, an advanced solution being advertised as a legitimate tool, despite being circulated around the dark web. Its full name is MatrixPDF: Document Builder – Advanced ...
- UK Government Wants to Keep $7 Billion in Stolen Bitcoin It Has Seized
October 1, 2025
The U.K. Government is seeking to keep most of the $7 billion in Bitcoin it seized in connection with a Chinese investment fraud, following the conviction of the fraud’s alleged organizer this week. Zhimin Qian pleaded guilty on counts of possessing and transferring criminal property at Southwark Crown Court on Monday, following last year’s conviction of ...