Security News > 2022 > October > New Alchimist attack framework targets Windows, macOS, Linux

Cybersecurity researchers have discovered a new attack and C2 framework called 'Alchimist,' which appears to be actively used in attacks targeting Windows, Linux, and macOS systems.

Alchimist offers a web-based interface using the Simplified Chinese language, and it's very similar to Manjusaka, a recently-emerged post-exploitation attack framework growing popular among Chinese hackers.

Alchimist gives operators an easy-to-use framework that lets them generate and configure payloads placed on infected devices to remotely take screenshots, run arbitrary commands, and perform remote shellcode execution.

Insikt doesn't work on macOS yet, so Alchimist covers this gap using a Mach-O file, a 64-bit executable written in GoLang that contains an exploit for CVE-2021-4034.

Alchimist offers the same exploit for the Linux platform, too, as long as pkexec is installed on the system.

Alchimist is another attack framework available to cybercriminals who don't have the knowledge or capacity to build all the components required for sophisticated cyberattacks.

News URL

https://www.bleepingcomputer.com/news/security/new-alchimist-attack-framework-targets-windows-macos-linux/