Charming Kitten hackers use new ‘NokNok’ malware for macOS
Security researchers observed a new campaign, which they attribute to the Charming Kitten APT group, in which the hackers used new NokNok malware that targets macOS systems.
After gaining the target's trust, Charming Kitten sends a malicious link that contains a Google Script macro, redirecting the victim to a Dropbox URL. This external source hosts a password-protected RAR archive with a malware dropper that leverages PowerShell code and an LNK file to stage the malware from a cloud hosting provider.
Attacks on macOS
If the victim uses macOS, which the hackers typically realize after they fail to infect them with the Windows payload, they send a new link to "Library-store[.]camdvr[.]org" that hosts a ZIP file masquerading as a RUSI VPN app.
The NokNok malware gathers system information that includes the version of the OS, running processes, and installed applications.
Overall, this campaign shows that Charming Kitten has a high degree of adaptability and is capable of targeting macOS systems when necessary, and it highlights the growing threat of sophisticated malware campaigns to macOS users.