Charming Kitten hackers use new ‘NokNok’ malware for macOS
Security News, July 2023
Security researchers observed a new campaign, which they attribute to the Charming Kitten APT group, in which the hackers used new malware called NokNok that targets macOS systems.
After gaining the target's trust, Charming Kitten sends a malicious link that contains a Google Script macro, redirecting the victim to a Dropbox URL. This external source hosts a password-protected RAR archive with a malware dropper that leverages PowerShell code and an LNK file to stage the malware from a cloud hosting provider.
Attacks on macOS

If the victim uses macOS, which the hackers typically realize only after the Windows payload fails to infect the target, they send a new link to "Library-store[.]camdvr[.]org" that hosts a ZIP file masquerading as a RUSI VPN app.
The NokNok malware gathers system information that includes the version of the OS, running processes, and installed applications.
Overall, this campaign shows that Charming Kitten has a high degree of adaptability and is capable of targeting macOS systems when necessary, and it highlights the growing threat that sophisticated malware campaigns pose to macOS users.