North Korean Hackers Release Mac Variant of Dacls RAT (May 2020)

North Korea-linked hacking group Lazarus has been leveraging a Mac variant of the Dacls Remote Access Trojan, Malwarebytes reports.
Last year, security researchers identified at least two macOS-targeting malware families used by Lazarus in attacks, and a new one appears to have been added to their arsenal: a Mac variant of the Linux-based Dacls RAT. Initially identified by security researchers with Qihoo 360 NetLab in December 2019, the Dacls backdoor targeted both Windows and Linux systems.
The Mac version is similar to the Linux variant, offering command execution, file management, traffic proxying, and worm scanning capabilities.
The malware features seven plugins: six identified in the Linux variant, and an additional one named SOCKS, which is used to proxy network traffic from the victim to the C&C server.
Similar to the Linux variant, the backdoor communicates with the C&C using a TLS connection and encrypts data using the RC4 algorithm.