North Korean Hackers Release Mac Variant of Dacls RAT (Security News, May 2020)
North Korea-linked hacking group Lazarus has been leveraging a Mac variant of the Dacls Remote Access Trojan, Malwarebytes reports.
Last year, security researchers identified at least two macOS-targeting malware families used by Lazarus in attacks, and a new one appears to have been added to their arsenal: a Mac variant of the Linux-based Dacls RAT. Initially identified by security researchers with Qihoo 360 NetLab in December 2019, the Dacls backdoor targeted both Windows and Linux systems.
The Mac version is similar to the Linux variant, packing command execution capabilities, file management and traffic proxying features, and worm scanning.
The malware features seven plugins: six identified in the Linux variant, and an additional one named SOCKS, which is used to proxy network traffic from the victim to the C&C server.
Similar to the Linux variant, the backdoor communicates with the C&C using a TLS connection and encrypts data using the RC4 algorithm.