In June 2024, Kaspersky discovered a macOS version of the HZ Rat backdoor targeting users of the enterprise messenger DingTalk and the social network and messaging platform WeChat.
The samples Kaspersky found almost exactly replicate the functionality of the Windows version of the backdoor and differ only in the payload, which is received in the form of shell scripts from the attackers’ server. The researchers noticed that some versions of the backdoor use local IP addresses to connect to C2, which led us to believe the threat may be targeted. This also points to an intention to exploit the backdoor for lateral movement through the victim’s network.
Read more…
Source: Kaspersky
Related:
- US Cyber Command issues alert about hackers exploiting Outlook vulnerability
July 2, 2019
US Cyber Command has issued an alert via Twitter today about threat actors abusing an Outlook vulnerability to plant malware on government networks. The vulnerability is CVE-2017-11774, a security bug that Microsoft patched in Outlook in the October 2017 Patch Tuesday. The Outlook bug, discovered and detailed by security researchers from SensePost, allows a threat actor to escape from the Outlook ...
- Phishing, ransomware are top cyberattacks on financial services firms
July 1, 2019
Phishing and ransomware attacks are the most reported types of cyberattacks on financial services firms, but in most cases the causes of outages were far more mundane. Financial services firms reported 819 cyber incidents to their watchdog, the Financial Conduct Authority (FCA), last year, a huge rise on the 69 incidents reported the year before. Retail banks were responsible ...
- Island hopping: The latest security threat you should be aware of
July 1, 2019
While island hopping sounds like a great way to spend a holiday in Thailand or Greece, the term also refers to an advanced cyber attack technique. Though it’s not a new phenomenon, this type of attack increased in prevalence in 2018 and will likely become more and more common. The name ‘island hopping’ comes from a WWII ...
- New Dridex Variant Slips By Anti-Virus Detection
June 28, 2019
A never-before-seen Dridex variant has been spotted in phishing emails using anti-virus detection evasion tactics. Researchers have spotted a variant of the Dridex banking trojan with new obfuscation capabilities that help it skirt anti-virus detection. While Dridex has been around since 2011, researchers told Threatpost Friday that they recently spotted phishing emails distributing a never-before-seen variant of the ...
- Newly-Discovered Malware Targets Unpatched MacOS Flaw
June 25, 2019
Researchers have discovered never-before-seen Mac malware samples, which they believe are being developed to target a recently-disclosed vulnerability in the MacOS operating system. The vulnerability, a bypass that was disclosed in May and has yet to be patched by Apple, exists in the MacOS Gatekeeper security feature, which verifies downloaded applications before allowing them to run on Macs. ...
- Riltok mobile Trojan: A banker with global reach
June 25, 2019
Riltok is one of numerous families of mobile banking Trojans with standard (for such malware) functions and distribution methods. Originally intended to target the Russian audience, the banker was later adapted, with minimal modifications, for the European “market.” The bulk of its victims (more than 90%) reside in Russia, with France in second place (4%). ...