Related Families: KandyKorn
SpectralBlur MacOS Backdoor
Jan 19, 2024 2:03:16 PM / by The Hivemind posted in Threat Bulletin, Backdoor, MacOS, Stardust Chollima, SpectralBlur, KandyKorn
New XLoader Variant Disguised as Signed App
Sep 1, 2023 1:24:48 PM / by The Hivemind posted in Threat Bulletin, Xloader, MacOS
Executive Summary
A new XLoader variant has been observed in the wild, targeting MacOS systems and disguising itself as a signed OfficeNote app.
Realst MacOS Infostealer
Aug 7, 2023 2:41:09 PM / by The Hivemind posted in Blockchain, Threat Bulletin, Stealer, Infostealer, Gaming, MacOS, Realst
Executive Summary
Geacon - Cobalt Strike for MacOS
May 26, 2023 2:01:00 PM / by The Hivemind posted in Cobalt Strike, MacOS, Pentesting, Geacon
Related Families: Cobalt Strike
Executive Summary
Geacon is a Cobalt Strike adaptation developed to target MacOS. Geacon versions are available to target both Apple silicon and Intel architectures.
BlueNoroff's RustBucket MacOS Malware
May 12, 2023 3:48:04 PM / by The Hivemind posted in Threat Bulletin, Lazarus, North Korea, Financial, MacOS, Mac, RustBucket, BlueNoroff
Verticals Targeted: Financial
Executive Summary
North Korea-nexus threat actor group BlueNoroff was recently observed using malware to target MacOS systems. Dubbed RustBucket, the malware can be used to communicate with the C2 to download and execute additional payloads.
LockBit MacOS Variant
Apr 24, 2023 3:36:34 PM / by The Hivemind posted in Threat Bulletin, Ransomware, LockBit, MacOS, Mac, Apple
Related Families: LockBit
MacStealer Targeting MacOS Devices
Apr 6, 2023 4:06:25 PM / by The Hivemind posted in Threat Bulletin, Stealer, MacOS, Mac, MacStealer
Executive Summary