Found 14 bookmarks
Custom sorting
Atomic macOS infostealer adds backdoor for persistent attacks
Atomic macOS infostealer adds backdoor for persistent attacks
Malware analyst discovered a new version of the Atomic macOS info-stealer (also known as 'AMOS') that comes with a backdoor, to attackers persistent access to compromised systems. Malware analyst discovered a new version of the Atomic macOS info-stealer (also known as 'AMOS') that comes with a backdoor, to attackers persistent access to compromised systems. The new component allows executing arbitrary remote commands, it survives reboots, and permits maintaining control over infected hosts indefinitely. MacPaw's cybersecurity division Moonlock analyzed the backdoor in Atomic malware after a tip from independent researcher g0njxa, a close observer of infostealer activity. "AMOS malware campaigns have already reached over 120 countries, with the United States, France, Italy, the United Kingdom, and Canada among the most affected," the researchers say. "The backdoored version of Atomic macOS Stealer now has the potential to gain full access to thousands of Mac devices worldwide."
#bleepingcomputer#EN#2025#AMOS#Atomic#Backdoor#Info-Stealer#Information-Stealer#macOS
·bleepingcomputer.com·
Atomic macOS infostealer adds backdoor for persistent attacks
NimDoor crypto-theft macOS malware revives itself when killed
NimDoor crypto-theft macOS malware revives itself when killed
North Korean state-backed hackers have been using a new family of macOS malware called NimDoor in a campaign that targets web3 and cryptocurrency organizations. Researchers analyzing the payloads discovered that the attacker relied on unusual techniques and a previously unseen signal-based persistence mechanism. The attack chain, which involves contacting victims via Telegram and luring them into running a fake Zoom SDK update, delivered via Calendly and email, resembles the one Huntress managed security platform recently linked to BlueNoroff. Advanced macOS malware In a report today, researchers at cybersecurity company SentinelOne says that the threat actor used C++ and Nim-compiled binaries (collectively tracked as NimDoor ) on macOS, which "is a more unusual choice." One of the Nim-compiled binaries, 'installer', is responsible for the initial setup and staging, preparing directories and config paths. It also drops other two binaries - 'GoogIe LLC,' 'CoreKitAgent', onto the victim's system. GoogIe LLC takes over to collect environment data and generate a hex-encoded config file, writing it to a temp path. It sets up a macOS LaunchAgent (com.google.update.plist) for persistence, which re-launches GoogIe LLC at login and stores authentication keys for later stages. The most advanced componentused in the attack is CoreKitAgent, the main payload of the NimDoor framework, which operates as an event-driven binary, using macOS's kqueue mechanism to asynchronously manage execution. It implements a 10-case state machine with a hardcoded state transition table, allowing flexible control flow based on runtime conditions. The most distinctive feature is its signal-based persistence mechanisms, where it installs custom handlers for SIGINT and SIGTERM.
#bleepingcomputer#EN#2025#macOS#Malware#Nim#NimDoor#Persistence#North-Korea
·bleepingcomputer.com·
NimDoor crypto-theft macOS malware revives itself when killed
Microsoft: macOS bug lets hackers install malicious kernel drivers
Microsoft: macOS bug lets hackers install malicious kernel drivers
Apple recently addressed a macOS vulnerability that allows attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions. #Apple #Computer #InfoSec #Integrity #Microsoft #Protection #SIP #Security #System #Vulnerability #macOS
#bleepingcomputer#EN#2024#CVE-2024-44243#System#macOS#Apple#Security#Integrity#SIP
·bleepingcomputer.com·
Microsoft: macOS bug lets hackers install malicious kernel drivers
Apple fixes two zero-days used in attacks on Intel-based Macs
Apple fixes two zero-days used in attacks on Intel-based Macs
Apple released emergency security updates to fix two zero-day vulnerabilities that were exploited in attacks on Intel-based Mac systems. "Apple is aware of a report that this issue may have been exploited," the company said in an advisory issued on Tuesday. The two bugs were found in the macOS Sequoia JavaScriptCore (CVE-2024-44308) and WebKit (CVE-2024-44309) components of macOS.
#bleepingcomputer#EN#2024#CVE-2024-44309#CVE-2024-44308#macos#JavaScriptCore#WebKit#exploited
·bleepingcomputer.com·
Apple fixes two zero-days used in attacks on Intel-based Macs
New macOS 'KandyKorn' malware targets cryptocurrency engineers
New macOS 'KandyKorn' malware targets cryptocurrency engineers
A new macOS malware dubbed 'KandyKorn' has been spotted in a campaign attributed to the North Korean Lazarus hacking group, targeting blockchain engineers of a cryptocurrency exchange platform. The attackers impersonate members of the cryptocurrency community on Discord channels to spread Python-based modules that trigger a multi-stage KandyKorn infection chain. Elastic Security discovered and attributed the attacks to Lazarus based on overlaps with past campaigns concerning the employed techniques, network infrastructure, code-signing certificates, and custom Lazarus detection rules.
#bleepingcomputer#EN#2023#macOS#Lazarus#Discord#Python-based#cryptocurrency#engineers#Targeted
·bleepingcomputer.com·
New macOS 'KandyKorn' malware targets cryptocurrency engineers