Why Join The Navy If You Can Be A Pirate?
Analyzing a pirated application that contains a (malicious) surprise. A few days ago, malwrhunterteam tweeted about a pirated macOS application that appeared to contain malware. And even though, as noted in the tweet, the sample appeared to be from 2023, it was new to me, so I decided to take some time to dig in deeper. Plus, I’m always interested in seeing if Objective-See’s free open-source tools can provide protection against recent macOS threats. In this blog post we’ll start with the disk image, then hone in on a malicious dynamic library, which turns out to be just the start!
·objective-see.org·
Analyzing DPRK's SpectralBlur
In both his Twitter (err, X) thread and in a subsequent posting he provided a comprehensive background and triage of the malware dubbed SpectralBlur. In terms of its capabilities he noted: “SpectralBlur is a moderately capable backdoor that can upload/download files, run a shell, update its configuration, delete files, hibernate or sleep, based on commands issued from the C2.” -Greg. He also pointed out similarities to/overlaps with the DPRK malware known as KandyKorn (which we covered in our “Mac Malware of 2024” report), while also pointing out there were differences, leading him to conclude: “We can see some similarities ... to the KandyKorn. But these feel like families developed by different folks with the same sort of requirements.” -Greg
·objective-see.org·
Analyzing an arm64 mach-O version of LockBit
The relevance of this macOS specimen is well articulated in their tweet: “Lockbit ransomware group has created their first MacOS-based payload. We believe this is the first time a large ransomware threat group has developed a payload for Apple products.” -vx-underground. Ok, so even though it’s the weekend, we have what appears to be a new macOS malware specimen from one of the more notorious ransomware gangs! Coupled with the fact that this may be (as noted by @VXUnderground) “the first time a large ransomware threat group has developed a payload for Apple products” ... I was intrigued and decided to dig right in!
·objective-see.org·
L’art de l’évasion How Shlayer hides its configuration inside Apple proprietary DMG files
While conducting routine threat hunting for macOS malware on ad networks, I stumbled upon an unusual Shlayer sample. Upon further analysis, it became clear that this variant was different from the known Shlayer variants such as OSX/Shlayer.D, OSX/Shlayer.E, or ZShlayer. We have dubbed it OSX/Shlayer.F.
·objective-see.org·
SeaFlower 藏海花 A backdoor targeting iOS web3 wallets
Confiant monitors 2.5+ billion ads per day via 110+ integrations in the advertising stack. This provides great visibility on malicious activity infiltrating the ad stack and the broader Internet. And that includes all the web3 malicious activity funneling through it. The variety and the range of our detection enable Confiant to detect unique malicious activity as soon as it surfaces. SeaFlower is an example of this unique cluster of malicious activities targeting web3 wallet users that we will document in this blog post.
·objective-see.org·