Mac

Pierluigi Paganini April 19, 2021
XCSSET malware now targets macOS 11 and M1-based Macs

XCSSET, a Mac malware targeting Xcode developers, was now re-engineered and employed in a campaign aimed at Apple’s new M1 chips. Experts from Trend Micro have uncovered a Mac malware campaign targeting Xcode developers that employed a re-engineered version of the XCSSET malware to support Apple’s new M1 chips. The new variant also implements new […]

Pierluigi Paganini March 18, 2021
XcodeSpy Mac malware targets Xcode Developers with a backdoor

Unknown threat actors have been using a new XcodeSpy Mac malware to target software developers who use Apple’s Xcode integrated development environment. Researchers at SentinelOne uncovered a series of attacks involving a new XcodeSpy used to deliver a custom variant of a backdoor tracked as EggShell. The EggShell allows threat actors to spy on users, capture […]

Pierluigi Paganini June 21, 2020
New Shlayer Mac malware spreads via poisoned search engine results

Shlayer Mac malware is back, the Mac threat is now spreading through new black SEO operations. Researchers spotted a new version of the Shlayer Mac malware that is spreading via poisoned Google search results. Researchers at security firm Intego observed the new variant being spread masqueraded as a fake Adobe Flash Player installer (.DMG disk […]

Pierluigi Paganini May 09, 2020
North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT

North Korea-linked Lazarus APT group employed a Mac variant of the Dacls Remote Access Trojan (RAT) in recent attacks. North Korea-linked Lazarus APT already used at least two macOS malware in previous attacks, now researchers from Malwarebytes have identified a new Mac variant of the Linux-based Dacls RAT. The activity of the Lazarus APT group (aka HIDDEN COBRA) […]

Pierluigi Paganini March 28, 2019
Lazarus APT continues to target cryptocurrency businesses with Mac malware

North Korea-linked Lazarus group made the headlines again, it has been leveraging PowerShell to target both Windows and macOS machines. The North Korea-linked Lazarus APT group made has been leveraging PowerShell to target both Windows and macOS machines in a new wave of attacks. The discovery was made by experts at Kaspersky Lab, the campaign […]

Pierluigi Paganini January 31, 2019
CookieMiner Mac Malware steals browser cookies and sensitive Data

Palo Alto Networks discovered a piece of Mac malware dubbed CookieMiner that is targeting browser cookies associated with cryptocurrency exchanges and wallet service websites.. Researchers from Palo Alto Networks discovered a new piece of Mac malware dubbed CookieMiner that steals browser cookies associated with cryptocurrency exchanges and wallet service websites along with other sensitive data. […]

Pierluigi Paganini December 10, 2018
A new Mac malware combines a backdoor and a crypto-miner

Experts from Malwarebytes discovered a new strain of Mac malware, tracked as DarthMiner, that is a combination of two open-source programs.  Experts from Malwarebytes discovered a new piece of Mac malware, tracked as DarthMiner, that is the combination of two open source tools. The malware is distributed through Adobe Zii, an application supposedly helps in the piracy […]

Pierluigi Paganini November 20, 2018
Mac users using Exodus cryptocurrency wallet targeted by a small spam campaign

Security researchers at F-Secure have recently uncovered a small spam campaign aimed at delivering spyware to Mac users that use Exodus wallet. Security experts at F-Secure have recently spotted a small spam campaign aimed at Mac users that use Exodus cryptocurrency wallet. The campaign leverages Exodus-themed phishing messages using an attachment named “Exodus-MacOS-1.64.1-update.zip.”  The messages were […]

Pierluigi Paganini May 24, 2018
Many users reported in the past few weeks their Macs have been infected with a new Monero Miner

In the past weeks, many Mac users have been infected with a new strain of Monero miner, the infections confirm the rise of this kind of malware. According to researchers at Malwarebytes, many Mac users in the past weeks have been infected with a new strain of Monero miner. The owners of the infected Mac systems […]

Pierluigi Paganini November 23, 2017
Crooks set up a fake Symantec Blog to spread the macOS Proton malware

A new strain of the notorious macOS Proton malware is spreading through a blog spoofing the legitimate blog of the security firm Symantec. The attackers used the same domain registration information of the original site, except for the email address. The SSL digital certificate for the site is a legitimate certificate issued by Comodo instead of the […]