Security News > 2020 > May > North Korean Hackers Release Mac Variant of Dacls RAT
North Korea-linked hacking group Lazarus has been leveraging a Mac variant of the Dacls Remote Access Trojan, Malwarebytes reports.
Last year, security researchers identified at least two macOS-targeting malware families used by Lazarus in attacks, and a new one appears to have been added to their arsenal: a Mac variant of the Linux-based Dacls RAT. Initially identified by security researchers with Qihoo 360 NetLab in December 2019, the Dacls backdoor targeted both Windows and Linux systems.
The Mac version is similar to the Linux variant, packing command execution capabilities, file management and traffic proxying features, and worm scanning.
The malware features seven plugins: six identified in the Linux variant, and an additional one named SOCKS, which is used to proxy network traffic from the victim to the C&C server.
Similar to the Linux variant, the backdoor communicates with the C&C using a TLS connection and encrypts data using the RC4 algorithm.
News URL
Related news
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- North Korean hackers pave the way for Play ransomware (source)
- North Korean hackers employ new tactics to compromise crypto-related businesses (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)
- North Korean hackers create Flutter apps to bypass macOS security (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)