In June 2024, Kaspersky discovered a macOS version of the HZ Rat backdoor targeting users of the enterprise messenger DingTalk and the social network and messaging platform WeChat.
The samples Kaspersky found almost exactly replicate the functionality of the Windows version of the backdoor and differ only in the payload, which is received in the form of shell scripts from the attackers’ server. The researchers noticed that some versions of the backdoor use local IP addresses to connect to C2, which led us to believe the threat may be targeted. This also points to an intention to exploit the backdoor for lateral movement through the victim’s network.
Read more…
Source: Kaspersky
Related:
- Magecart Skimming Attack Targets Mobile Users of Hotel Chain Booking Websites
September 18, 2019
Trend Micro discovered a series of incidents where the credit card skimming attack Magecart was used to hit the booking websites of chain-brand hotels — the second time we’ve seen a Magecart threat actor directly hit ecommerce service providers instead of going for individual stores or third-party supply chains. Back in May, we discovered a ...
- Critical Vulnerability in Harbor Enables Privilege Escalation from Zero to Admin (CVE-2019-16097)
September 18, 2019
Aviv Sasson, a security researcher from the cloud division of Unit 42, has identified a critical vulnerability in a widespread cloud native registry called Harbor. The vulnerability allows attackers to take over Harbor registries by sending them a malicious request. The maintainers of Harbor released a patch that closes this critical security hole. Versions 1.7.6 and 1.8.3 include this fix. Unit 42 has ...
- Smominru Botnet Indiscriminately Hacked Over 90,000 Computers Just Last Month
September 18, 2019
Insecure Internet-connected devices have aided different types of cybercrime for years, most common being DDoS and spam campaigns. But cybercriminals have now shifted toward a profitable scheme where botnets do not just launch DDoS or spam—they mine cryptocurrencies as well. Smominru, an infamous cryptocurrency-mining and credential-stealing botnet, has become one of the rapidly spreading computer viruses ...
- Assessing the impact of protection from web miners
September 17, 2019
Kaspersky Lab present the results of evaluating the positive economic and environmental impact of blocking web miners with Kaspersky products. The total power saving can be calculated with known accuracy using the formula <w>·N, where <w> is the average value of the increase in power consumption of the user device during web mining, and N is ...
- The Legend of Adwind: A Commodity RAT Saga in Eight Parts
September 17, 2019
In early 2012, a developer started selling the first of the Adwind family, Java-based remote access tools (RATs), called “Frutas.” In the ensuing years, it has been rebranded at least seven times. Its other names have included Adwind, UnReCoM, Alien Spy, JSocket, JBifrost, UnknownRat, and JConnectPro. The Adwind RAT family remains prevalent in the wild. Palo ...
- Astaroth Spy Trojan Uses Facebook, YouTube Profiles to Cover Tracks
September 13, 2019
Facebook and YouTube profiles are at the heart of an ongoing phishing campaign spreading the Astaroth trojan, bent on the eventual exfiltration of sensitive information. The attack is sophisticated in that it uses normally trusted sources as cover for malicious activities – thus evading usually effective email and network security layers. The attack starts with an ...