Several New Mac Malware Families Attributed to North Korean Hackers
2020-07-28 14:22

North Korean-linked threat actor Lazarus has been employing at least four new Mac-targeting malware families in recent attacks, SentinelOne security researchers reveal.

The most recent malware families that Lazarus has been leveraging in attacks include the macOS version of DaclsRAT and the cross-platform MATA framework, which also targets Windows and Linux systems.

Simultaneously with all three new malware variants, Lazarus has started using a lightweight backdoor, written primarily in Objective-C and C and referred to as OSX.Casso, which also has a Windows counterpart.

More recently, Lazarus appears to have been working with two additional malware families, referred to as WatchCat and MediaRemote, based on observed strings for "Com.apple.watchcat.plist" and "MediaRemote.app," with detections increasing rapidly over the past 14 days.

"All of the samples reviewed above have appeared in the last eight to ten weeks and are evidence that threat actors behind the Lazarus group are pursuing several distinct campaigns, using a variety of technologies, and are themselves keeping up-to-date with the Apple platform. These are not actors merely porting Windows malware to macOS, but rather Mac-specific developers deeply invested in writing custom malware for Apple's platform," SentinelOne concludes.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/jYr3yGLVnEs/several-new-mac-malware-families-attributed-north-korean-hackers