Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
MacOS Users Targeted By OceanLotus Backdoor
#1
Information 
Quote:A macOS backdoor variant has been uncovered that relies of multi-stage payloads and various updated anti-detection techniques. Researchers linked it to the OceanLotus advanced persistent threat (APT) group.
 
The Vietnam-backed OceanLotus (also known as APT 32) has been around since at least 2013, and previously launched targeted attacks against media, research and construction companies. Researchers said that in this case the attackers behind the malware variant appear to be hitting users from Vietnam, because the name of the lure document from the campaign is in Vietnamese. Older samples of the backdoor have targeted the same region before, according to researchers from Trend Micro.
 
“Some of the updates of this new variant include new behavior and domain names,” said researchers Luis Magisa and Steven Du. “Threat groups such as OceanLotus are actively updating malware variants in attempts to evade detection and improve persistence.”
 
The initial attack vector (such as phishing emails or otherwise) behind the malware is unclear; Threatpost has reached out to researchers for more details. However, the OceanLotus APT was recently discovered using malicious websites as well as Google Play apps to spread other malware.
 
The malware is packed in an app, bundled in a .zip archive. The app attempts to pass itself off as a Microsoft Word document (using the Word icon). The app bundle contains two notable files: The shell script containing the main malicious processes, and the “Word” file displayed during execution.

Read more: https://threatpost.com/macos-users-targe...or/161655/
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
AWZ Screen Recorder
AWZ Screen Recorder ...zevish — 11:05
Website X5 Go 2024.1
Website X5 Go 2024.1...zevish — 09:32
Apple's rules to allow third-party app ...
Apple has announ...alison30 — 09:28
Intel: Microsoft AI PCs need a Copilot K...
Microsoft hopes th...harlan4096 — 08:55
Synchredible 8 Professional Edition v8.2...
          Synchredib...zevish — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>