New Alchimist attack framework targets Windows, macOS, Linux (Security News, October 2022)
Cybersecurity researchers have discovered a new attack and C2 framework called 'Alchimist,' which appears to be actively used in attacks targeting Windows, Linux, and macOS systems.
Alchimist offers a web-based interface using the Simplified Chinese language, and it's very similar to Manjusaka, a recently-emerged post-exploitation attack framework growing popular among Chinese hackers.
Alchimist gives operators an easy-to-use framework that lets them generate and configure payloads placed on infected devices to remotely take screenshots, run arbitrary commands, and perform remote shellcode execution.
The Insekt implant doesn't work on macOS yet, so Alchimist covers this gap using a Mach-O file, a 64-bit executable written in Go that contains an exploit for CVE-2021-4034.
Alchimist offers the same exploit for the Linux platform, too, as long as pkexec is installed on the system.
Alchimist is another attack framework available to cybercriminals who don't have the knowledge or capacity to build all the components required for sophisticated cyberattacks.
Related vulnerability
| Date | CVE | Vulnerability title | Risk (CVSS score) |
|---|---|---|---|
| 2022-01-28 | CVE-2021-4034 | Out-of-bounds write vulnerability in multiple products: a local privilege escalation vulnerability was found in polkit's pkexec utility. | 7.8 |