Trending

#macosmalware

Latest posts tagged with #macosmalware on Bluesky

Latest Top

Posts tagged #macosmalware

Cybersecurity News Everyday
Cybersecurity News Everyday
@hendryadrian.bsky.social
1 week ago
Preview
New Infinity Stealer malware grabs macOS data via ClickFix lures A new info-stealing campaign called Infinity Stealer targets macOS by delivering a Python payload compiled into a native executable with the Nuitka compiler and lures users via a ClickFix fake Cloudflare CAPTCHA. The payload performs anti-analysis checks, harvests browser credentials, macOS Keychain entries, cryptocurrency wallets and plaintext developer secrets, and exfiltrates data to a C2 via HTTP while notifying operators via Telegram; users should never paste unknown commands into Terminal. #InfinityStealer #Nuitka

New Infinity Stealer malware targets macOS by delivering Python payloads compiled with Nuitka, using fake ClickFix Cloudflare CAPTCHAs to steal browser credentials, Keychain data, crypto wallets, and dev secrets. #macOSMalware #InfoStealer

0 0 0 0
Cybersecurity News Everyday
Cybersecurity News Everyday
@hendryadrian.bsky.social
1 week ago
Preview
Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka Infiniti Stealer is a previously undocumented macOS infostealer delivered via a ClickFix social‑engineering scheme that tricks users into pasting a Terminal command to fetch a Bash dropper and ultimately runs a Nuitka‑compiled Python stealer. The malware decodes and executes staged payloads, removes quarantine flags, harvests browser credentials, Keychain entries, wallets, and...

Infiniti Stealer targets macOS using a fake Cloudflare page to trick users into running a Bash dropper. It steals browser creds, Keychain data, wallets, and dev secrets, exfiltrating via HTTP and notifying via Telegram. #InfinitiStealer #MacOSMalware

0 0 0 0
CyberMaterial
CyberMaterial
@cybermaterial.bsky.social
2 weeks ago
Post image

Ghost Campaign Uses npm to Steal Crypto
Read More: buff.ly/N4NYXqk

#GhostCampaign #npmSecurity #SupplyChainAttack #CryptoTheft #MaliciousPackages #DeveloperSecurity #macOSMalware #LinuxSecurity

0 0 0 0
CyberMaterial
CyberMaterial
@cybermaterial.bsky.social
2 months ago
Post image

Microsoft Warns Python Infostealers On macOS
Read More: buff.ly/sA1LZdJ

#macOSMalware #PythonMalware #InfoStealer #ThreatIntel #SocialEngineering #Malvertising #MicrosoftSecurity #CredentialTheft

0 0 0 0
CyberMaterial
CyberMaterial
@cybermaterial.bsky.social
3 months ago
Post image

Nomani Investment Scam Rises Using AI
Read More: buff.ly/OZyBEkf

#MacSyncMalware #macOSMalware #AppleGatekeeper #CodeSignedMalware #SwiftMalware #macOSSecurity #EndpointSecurity #ThreatResearch #AppleSecurity

0 0 0 0
CyberMaterial
CyberMaterial
@cybermaterial.bsky.social
3 months ago
Post image

New Macsync Malware Bypasses Macos
Read More: buff.ly/VugqKTX

#MacSyncMalware #macOSMalware #AppleGatekeeper #CodeSignedMalware #SwiftMalware #macOSSecurity #EndpointSecurity #ThreatResearch #AppleSecurity

0 0 0 0
ReconBee
ReconBee
@reconbee.bsky.social
8 months ago
Preview
New ZuRu Malware Variant Targeting Developers via Trojanized Termius macOS App delivered through pirated macOS software read more about New ZuRu Malware Variant Targeting Developers via Trojanized Termius macOS App

New ZuRu Malware Variant Targeting Developers via Trojanized Termius macOS App reconbee.com/new-zuru-mal...

#ZuRumalware #malwareattack #developers #Trojanizedterminus #macosmalware #macosapp

0 0 0 0
CySecurity News
CySecurity News
@cysecuritynews.bsky.social
8 months ago
Preview
NimDoor: North Korean Hackers Deploy Sophisticated macOS Malware Targeting Web3 and Crypto Firms   North Korean state-sponsored hackers have rolled out a new macOS malware strain dubbed NimDoor, designed to infiltrate Web3 and cryptocurrency organizations. According to a fresh analysis by SentinelOne researchers, the attackers leveraged uncommon methods and an innovative signal-based persistence mechanism never observed before. The attack chain starts with threat actors reaching out to potential victims through Telegram, persuading them to execute a bogus Zoom SDK update distributed via Calendly invitations and email—an approach reminiscent of tactics recently attributed to BlueNoroff by the managed security provider Huntress. SentinelOne’s report notes that the adversaries used a mix of C++ and Nim-compiled binaries (collectively referred to as NimDoor) on macOS—"a more unusual choice." One of these binaries, named 'installer,' handles the initial setup by preparing directories and configuration paths. It then deploys two additional components—'GoogIe LLC' and 'CoreKitAgent'—onto compromised systems. GoogIe LLC focuses on harvesting environment details and generating a hex-encoded configuration file, which is saved in a temporary directory. It also sets up a macOS LaunchAgent (com.google.update.plist) to ensure the malware runs automatically at login and retains authentication keys for future use. The most advanced piece of the toolkit is CoreKitAgent, the primary payload of NimDoor. This event-driven binary leverages macOS’s kqueue mechanism for asynchronous execution and implements a 10-state machine with a hardcoded transition table, enabling dynamic control depending on runtime conditions. A particularly distinctive characteristic is CoreKitAgent’s signal-based persistence, which relies on custom handlers for SIGINT and SIGTERM—signals typically used to terminate processes. "When triggered, CoreKitAgent catches these signals and writes the LaunchAgent for persistence, a copy of GoogIe LLC as the loader, and a copy of itself as the trojan, setting executable permissions on the latter two via the addExecutionPermissions_user95startup95mainZutils_u32 function," SentinelLABS explains. "This behavior ensures that any user-initiated termination of the malware results in the deployment of the core components, making the code resilient to basic defensive actions." Once active, CoreKitAgent decodes and executes a hex-encoded AppleScript that connects to command-and-control servers every 30 seconds, exfiltrates system information, and executes remote commands via osascript, effectively acting as a stealth backdoor. Alongside the main NimDoor infection, a parallel chain initiated by 'zoom_sdk_support.scpt' deploys 'trojan1_arm64', which establishes WebSocket Secure (WSS)-based communications with attacker infrastructure. It downloads two additional scripts—upl and tlgrm—to facilitate data theft. Notably, researchers discovered that the loader script contains over 10,000 blank lines to hinder detection. Upl focuses on extracting browser data, Keychain credentials, and shell history files (.bash_history and .zsh_history), transmitting the stolen information to dataupload[.]store via curl. Meanwhile, tlgrm targets Telegram data, including .tempkeyEncrypted files, likely to decrypt private messages exchanged on the platform. Overall, SentinelLABS describes NimDoor and its associated payloads as among the most complex macOS malware attributed to North Korean threat actors so far. The framework’s modular architecture and the use of novel persistence techniques underscore how DPRK operators are continuously refining their cross-platform attack capabilities to breach cryptocurrency ecosystems and steal sensitive information. SentinelLABS’ comprehensive report provides detailed indicators of compromise, including malicious domains, file paths, scripts, and binaries linked to these intrusions.  

NimDoor: North Korean Hackers Deploy Sophisticated macOS Malware Targeting Web3 and Crypto Firms #cryptocurrencyattacks #MacOSMalware #malware

0 0 0 0
The Daily Tech Feed
The Daily Tech Feed
@thedailytechfeed.com
9 months ago
Post image

North Korean hackers are deploying NimDoor macOS malware via fake Zoom updates, targeting crypto firms. Stay vigilant! #CyberSecurity #NimDoor #macOSMalware #CryptoSecurity Link: thedailytechfeed.com/north-korean...

1 0 0 0
ReconBee
ReconBee
@reconbee.bsky.social
9 months ago
Preview
NimDoor crypto-theft macOS malware revives itself when killed cybersecurity firm SentinelOne this is a more unusual choice read more about NimDoor crypto-theft macOS malware revives itself when killed

NimDoor crypto-theft macOS malware revives itself when killed reconbee.com/nimdoor-cryp...

#NimDoor #crypto #macOSmalware #malwareattack #malware

0 0 0 0
MalWhere?
MalWhere?
@malwhere.bsky.social
9 months ago
Post image

1/3
🚨North Korea’s BlueNoroff (aka Sapphire Sleet) uses DEEPFAKES of execs in fake Zoom calls to trick employees into installing macOS malware. Their goal: steal crypto wallets & sensitive data. Huntress exposed this sophisticated attack.
#CyberSecurity #Deepfake #MacOSMalware #CryptoTheft #APT

0 0 1 0
malwr4n6
malwr4n6
@malwr4n6.bsky.social
1 year ago
Preview
macOS Malware Analysis : PKG Files There are very few resources on macOS Malware Analysis of native file types. I have often struggled to learn it in the beginning. Hence I decided to write a detailed article on PKG file analysis!

🔍 Understanding macOS Malware is crucial for any professional today.

Check out my in-depth guide on analyzing PKG files to enhance your skills in macOS Malware Analysis: www.malwr4n6.com/post/macos-m...

#macos #malwareanalysis #macosmalware #apple #malware #guide

1 0 1 0
The DefendOps Diaries
The DefendOps Diaries
@defendopsdiaries.bsky.social
1 year ago
Preview
Unmasking the New XCSSET macOS Malware Variant: A Deep Dive into Crypto Theft Tactics | The DefendOps Diaries Explore the new XCSSET macOS malware variant's tactics in crypto theft and advanced obfuscation techniques.

Unmasking the New XCSSET macOS Malware Variant: A Deep Dive into Crypto Theft Tactics

thedefendopsdiaries.com/unmasking-th...

#xcsset
#macosmalware
#cryptotheft
#cybersecurity
#malwareanalysis
#infosec
#obfuscation
#zeroday
#securitythreats
#macossecurity

1 0 0 0
Tarnkappe.info
Tarnkappe.info
@tarnkappe.bsky.social
1 year ago
Preview
Banshee Stealer Quellcode geleakt: macOS-Malware unschädlich gemacht Cyberkriminelle geben auf: Die Malware Banshee Stealer für MacOS wurde nach Veröffentlichung des Quellcodes aufgegeben. Der Artikel <a href="https://tarnkappe.info/artikel/it-sicherheit/banshee-stealer-quellcode-geleakt-macos-malware-unschaedlich-gemacht-304847.html">Banshee Stealer Quellcode geleakt: macOS-Malware unschädlich gemacht</a> erschien zuerst auf <a href="https://tarnkappe.info">TARNKAPPE.info</a>

📬 Banshee Stealer Quellcode geleakt: macOS-Malware unschädlich gemacht

#ITSicherheit #Malware #BansheeStealer #ElasticSecurityLabs #macOS #macOSMalware #QuellcodeLeak #VXUnderground

1 0 0 0
Bex
Bex
@4n6bexaminer.bsky.social
1 year ago

What is old is new again, #atomicstealer being distributed via #clearfake campaign. Haven't seen that in a while!

Clearfake domain: cejecuu4[.]xyz
C2: 193.124.185[.]23

Payload staged in Dropbox

#macosmalware #infostealers #amos #fakebrowserupdates #fakechrome

2 0 1 0