Executive Summary
Banshee is a stealer that targets MacOS systems. The latest variant of Banshee uses a string encryption algorithm that is the same as the one used in Apple’s Xprotect antivirus engine for MacOS systems.
Executive Summary
NotLockBit is a ransomware family that mimics LockBit. NotLockBit is unique in that it is one of the first fully functional ransomware families to target MacOS systems.
Related Families: PondRAT, PoolRAT
Verticals Targeted: Software Development
Executive Summary
North Korea nexus threat actor group Labyrinth Chollima was observed using poisoned Python packages to deliver PondRAT, a backdoor that targets MacOS and Linux systems.
Executive Summary
A MacOS variant of HZ Rat was recently discovered targeting messaging apps in China. HZ Rat is a basic backdoor, and shell commands received from the C2 provide additional functionality.
Related Families: Atomic Stealer
Executive Summary
Cthulhu is a stealer malware targeting MacOS systems. First observed in 2023, this malware-as-a-service (MaaS) is capable of targeting both x86_64 and ARM architectures.
Related Families: GravityRAT, HeavyLift, GravityAdmin
Verticals Targeted: Defense, Government, Technology
Executive Summary
Cosmic Leopard was observed targeting Windows, MacOS, and Android devices in a series of ongoing campaigns dubbed Operation Celestial Force. The threat actors used GravityRAT and HeavyLift to target entities in India.
