
Researchers Discover New Sophisticated Toolkit Targeting Apple macOS Systems
2023-06-19 12:37

Cybersecurity researchers have uncovered a set of malicious artifacts that they say is part of a sophisticated toolkit targeting Apple macOS systems.

On devices running macOS, Base64-encoded content retrieved from the server is written to a file named "/Users/Shared/AppleAccount.

The same routine, on Linux hosts, validates the operating system distribution by checking the "/etc/os-release" file.

Bitdefender said it also found a "more potent backdoor" among the samples, a file labeled "Sh.py" that comes with an extensive set of capabilities: gathering system metadata, enumerating and deleting files, executing commands and files, and exfiltrating encoded data in batches.

The file houses two Mach-O files for the twin CPU architectures, x86 Intel and ARM M1. "Its primary purpose is apparently to check permissions before using a potential spyware component but does not include the spyware component itself," the researchers said.

Xcc's spyware connections stem from a path identified within the file content, "/Users/joker/Downloads/Spy/XProtectCheck/" and the fact that it checks for permissions such as Disk Access, Screen Recording, and Accessibility.
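As an added example (not code from the article or from Bitdefender's report), a small Python checker for the two file-level traits described above: it parses the universal (fat) Mach-O header to report which CPU slices are present, and searches the file for the build path the researchers cite. The sample binary is constructed inline and stands in for the real file; the TCC permission checks are not modelled.

```python
import struct

FAT_MAGIC = 0xCAFEBABE      # universal (fat) header magic, stored big-endian
MH_MAGIC_64 = 0xFEEDFACF    # 64-bit thin Mach-O magic, stored little-endian
CPU_TYPE_X86_64 = 0x01000007
CPU_TYPE_ARM64 = 0x0100000C
CPU_NAMES = {CPU_TYPE_X86_64: "x86_64", CPU_TYPE_ARM64: "arm64"}
# The one file-content indicator the article quotes: a build path left in the sample.
SUSPECT_PATH = b"/Users/joker/Downloads/Spy/XProtectCheck/"


def parse_fat(blob: bytes) -> list:
    """Return (arch_name, offset, size, is_macho64) per slice, or [] if not a fat file.
    Handles only the 32-bit fat header (0xCAFEBABE, 20-byte entries), not 0xCAFEBABF."""
    if len(blob) < 8:
        return []
    magic, nfat = struct.unpack_from(">II", blob, 0)
    if magic != FAT_MAGIC or nfat == 0 or 8 + 20 * nfat > len(blob):
        return []  # also rejects Java class files, which share the 0xCAFEBABE magic
    slices = []
    for i in range(nfat):
        cputype, _sub, off, size, _align = struct.unpack_from(">IIIII", blob, 8 + 20 * i)
        if size < 4 or off + size > len(blob):
            raise ValueError(f"fat_arch {i} points outside the file")  # malformed/truncated
        slice_magic = struct.unpack_from("<I", blob, off)[0]
        slices.append((CPU_NAMES.get(cputype, hex(cputype)), off, size, slice_magic == MH_MAGIC_64))
    return slices


def assess(blob: bytes) -> dict:
    """Flag the two traits the article describes: x86_64+arm64 universal binary and the build path."""
    archs = sorted(s[0] for s in parse_fat(blob) if s[3])
    return {
        "archs": archs,
        "universal_x86_arm64": archs == ["arm64", "x86_64"],
        "path_ioc": SUSPECT_PATH in blob,
    }


def build_sample() -> bytes:
    """Constructed stand-in for the sample: two tiny 64-bit slices, back to back, no page alignment."""
    body = struct.pack("<I", MH_MAGIC_64) + b"\x00" * 28 + SUSPECT_PATH + b"\x00"
    cputypes = (CPU_TYPE_X86_64, CPU_TYPE_ARM64)
    header = struct.pack(">II", FAT_MAGIC, len(cputypes))
    offset = 8 + 20 * len(cputypes)
    for cputype in cputypes:
        header += struct.pack(">IIIII", cputype, 0, offset, len(body), 0)
        offset += len(body)
    return header + body * len(cputypes)
```

Neither trait alone is evidence of compromise (most modern macOS software ships as x86_64+arm64 universal binaries); the pair is a triage signal, not a verdict.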


News URL

https://thehackernews.com/2023/06/researchers-discover-new-sophisticated.html

Related vendor

VENDOR   #/PRODUCTS   LOW   MEDIUM   HIGH   CRITICAL   TOTAL VULNS   (last 12 months)
Apple    72           238   1567     2279   265        4349