Insights, news, education and announcements from PolySwarm | MacOS

New XLoader Variant Disguised as Signed App

Sep 1, 2023 1:24:48 PM / by The Hivemind posted in Threat Bulletin, Xloader, MacOS

Executive Summary

A new XLoader variant has been observed in the wild, targeting MacOS systems and disguising itself as a signed OfficeNote app.

Read More

Realst MacOS Infostealer

Aug 7, 2023 2:41:09 PM / by The Hivemind posted in Blockchain, Threat Bulletin, Stealer, Infostealer, Gaming, MacOS, Realst

Executive Summary

Read More

Geacon - Cobalt Strike for MacOS

May 26, 2023 2:01:00 PM / by The Hivemind posted in Cobalt Strike, MacOS, Pentesting, Geacon

Related Families: Cobalt Strike

Executive Summary

Geacon is a Cobalt Strike adaptation developed to target MacOS. Geacon versions are available to target both Apple silicon and Intel architectures.

Read More

BlueNoroff's RustBucket MacOS Malware

May 12, 2023 3:48:04 PM / by The Hivemind posted in Threat Bulletin, Lazarus, North Korea, Financial, MacOS, Mac, RustBucket, BlueNoroff

Verticals Targeted: Financial

Executive Summary

North Korea nexus threat actor group BlueNoroff was recently observed using malware to target MacOS systems. Dubbed RustBucket, the malware can be used to communicate with the C2 to download and execute additional payloads.

Read More

LockBit MacOS Variant

Apr 24, 2023 3:36:34 PM / by The Hivemind posted in Threat Bulletin, Ransomware, LockBit, MacOS, Mac, Apple

Related Families: LockBit

Read More

MacStealer Targeting MacOS Devices

Apr 6, 2023 4:06:25 PM / by The Hivemind posted in Threat Bulletin, Stealer, MacOS, Mac, MacStealer

Executive Summary

Read More