macOS FlexibleFerret | Further Variants of DPRK Malware Family Unearthed
DPRK 'Contagious Interview' campaign continues to target Mac users with new variants of FERRET malware and Github devs with repo spam.
2024 macOS Malware Review | Infostealers, Backdoors, and APT Campaigns Targeting the Enterprise
Learn about the key macOS malware families from 2024, including tactics, IoCs, opportunities for detection, and links to further reading.
BlueNoroff Hidden Risk | Threat Actor Targets Macs with Fake Crypto News and Novel Persistence
SentinelLabs has observed a suspected DPRK threat actor targeting Crypto-related businesses with novel multi-stage malware.
macOS NotLockBit | Evolving Ransomware Samples Suggest a Threat Actor Sharpening Its Tools
An unknown threat actor is developing ransomware to lock files and steal data on macOS, and it's not LockBit.
macOS Adload | Prolific Adware Pivots Just Days After Apple’s XProtect Clampdown
Learn about the latest Adload adware variants, written in Go and intended to bypass Apple's recent XProtect updates.
The Many Faces of Undetected macOS InfoStealers | KeySteal, Atomic & CherryPie Continue to Adapt
Learn about the latest threats to macOS as Infostealers continue to rapidly adapt to evade static signatures.
DPRK Crypto Theft | macOS RustBucket Droppers Pivot to Deliver KandyKorn Payloads
Two apparently separate North Korean crypto theft campaigns targeting macOS users appear to be linked as threat actors mix and match droppers and payloads.
macOS MetaStealer | New Family of Obfuscated Go Infostealers Spread in Targeted Attacks
The rise of macOS infostealers continues with the latest entrant aiming to compromise business environments with targeted social engineering lures.
XLoader's Latest Trick | New macOS Variant Disguised as Signed OfficeNote App
Notorious botnet and infostealer XLoader makes a return to macOS with a new dropper and malware payload.
Apple Crimeware | Massive Rust Infostealer Campaign Aiming for macOS Sonoma Ahead of Public Release
Crimeware actors have launched an extensive campaign to target macOS users with malware disguised in multiple fake blockchain games.
BlueNoroff | How DPRK’s macOS RustBucket Seeks to Evade Analysis and Detection -
Threat actors are using increasingly sophisticated forms of evasion and anti-analysis as they respond to increased attention to macOS security in the enterprise.
Atomic Stealer | Threat Actor Spawns Second Variant of macOS Malware Sold on Telegram
A macOS infostealer being sold on Telegram, Atomic Stealer has a second variant that appears primed to target users directly on YouTube.
LockBit for Mac | How Real is the Risk of macOS Ransomware?
Discovery of a macOS variant of LockBit has caused alarm, but how serious a threat is it? We explore the malware and the threat of ransomware on Apple Macs.
Session Cookies, Keychains, SSH Keys and More | 7 Kinds of Data Malware Steals from macOS Users
Stealing data from Mac devices can unlock the door for both financially-motivated cybercrime and espionage. Learn how recent macOS malware does it.
Hunting for Honkbox | Multistage macOS Cryptominer May Still Be Hiding
A cryptominer that uses the Invisible Internet protocol, Honkbox variants could still be evading some detection solutions.
7 Ways Threat Actors Deliver macOS Malware in the Enterprise
Stay ahead of the game with our review on macOS malware threats. Learn about the top techniques used by threat actors to deliver malware and how to build more resilient defenses.
Top 10 macOS Malware Discoveries in 2022
Learn about all the new malware targeting macOS users in 2022 and how to stay safe from the latest Mac-focused campaigns.
Lazarus ‘Operation In(ter)ception’ Targets macOS Users Dreaming of Jobs in Crypto
First Coinbase, now Crypto.com. Lazarus campaign targets more crypto exchange platform job seekers with multi-stage malware.
XCSSET Malware Update | macOS Threat Actors Prepare for Life Without Python
New domains and new behavioral indicators, but malware authors stick to tried and tested architecture despite Apple’s updates.
From the Front Lines | Unsigned macOS oRAT Malware Gambles For The Win
Researchers looking into a new APT group targeting gambling sites with a variety of cross-platform malware recently identified a version of oRAT malware targeting macOS users and written in Go. While neither RATs nor Go malware are uncommon on any platform, including the Mac, the development of such a tool by a previously unknown APT is an interesting turn, signifying the increasing need for threat actors to address the rising occurrence of Macs among their intended targets and victims. In this post, we dig deeper into the technical details of this novel RAT to understand better how it works and how security teams can detect it in their environments.
Session Cookies, Keychains, SSH Keys and More | 7 Kinds of Data Malware Steals from macOS Users
Stealing data from Mac devices can unlock the door for both financially-motivated cybercrime and espionage. Learn how recent macOS malware does it.
Hunting for Honkbox | Multistage macOS Cryptominer May Still Be Hiding
A cryptominer that uses the Invisible Internet protocol, Honkbox variants could still be evading some detection solutions.
7 Ways Threat Actors Deliver macOS Malware in the Enterprise
Stay ahead of the game with our review on macOS malware threats. Learn about the top techniques used by threat actors to deliver malware and how to build more resilient defenses.
Top 10 macOS Malware Discoveries in 2022
Learn about all the new malware targeting macOS users in 2022 and how to stay safe from the latest Mac-focused campaigns.
Lazarus ‘Operation In(ter)ception’ Targets macOS Users Dreaming of Jobs in Crypto
First Coinbase, now Crypto.com. Lazarus campaign targets more crypto exchange platform job seekers with multi-stage malware.
XCSSET Malware Update | macOS Threat Actors Prepare for Life Without Python
New domains and new behavioral indicators, but malware authors stick to tried and tested architecture despite Apple’s updates.
From the Front Lines | Unsigned macOS oRAT Malware Gambles For The Win
Researchers looking into a new APT group targeting gambling sites with a variety of cross-platform malware recently identified a version of oRAT malware targeting macOS users and written in Go. While neither RATs nor Go malware are uncommon on any platform, including the Mac, the development of such a tool by a previously unknown APT is an interesting turn, signifying the increasing need for threat actors to address the rising occurrence of Macs among their intended targets and victims. In this post, we dig deeper into the technical details of this novel RAT to understand better how it works and how security teams can detect it in their environments.
XCSSET Malware Update | macOS Threat Actors Prepare for Life Without Python
New domains and new behavioral indicators, but malware authors stick to tried and tested architecture despite Apple’s updates.
From the Front Lines | Unsigned macOS oRAT Malware Gambles For The Win
Researchers looking into a new APT group targeting gambling sites with a variety of cross-platform malware recently identified a version of oRAT malware targeting macOS users and written in Go. While neither RATs nor Go malware are uncommon on any platform, including the Mac, the development of such a tool by a previously unknown APT is an interesting turn, signifying the increasing need for threat actors to address the rising occurrence of Macs among their intended targets and victims. In this post, we dig deeper into the technical details of this novel RAT to understand better how it works and how security teams can detect it in their environments.