Charming Kitten hackers use new ‘NokNok’ malware for macOS
Security researchers observed a new campaign, which they attribute to the Charming Kitten APT group, in which the hackers used new NokNok malware that targets macOS systems.
After gaining the target's trust, Charming Kitten sends a malicious link that contains a Google Script macro, redirecting the victim to a Dropbox URL. This external source hosts a password-protected RAR archive with a malware dropper that leverages PowerShell code and an LNK file to stage the malware from a cloud hosting provider.
Attacks on macOS. If the victim uses macOS, which the hackers typically realize after they fail to infect them with the Windows payload, they send a new link to "Library-store[.]camdvr[.]org" that hosts a ZIP file masquerading as a RUSI VPN app.
The NokNok malware gathers system information that includes the version of the OS, running processes, and installed applications.
Overall, this campaign shows that Charming Kitten has a high degree of adaptability and is capable of targeting macOS systems when necessary, and it highlights the growing threat of sophisticated malware campaigns to macOS users.
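Defenders can hunt for the delivery chain described above in web-proxy logs. The following Python code is an added example, not taken from the article or the researchers' report: it flags requests to the domain quoted above and clients that fetch a RAR from Dropbox shortly after a Google Script request. The log format, the hostnames `script.google.com` and `dropbox.com`, and the 10-minute window are assumptions, and the sample lines are constructed.

```python
from datetime import datetime, timedelta

# Indicator quoted (defanged) in the article above.
IOC_DOMAINS = ["Library-store[.]camdvr[.]org"]
# Assumed hostnames for the services the article names (not listed on the page).
SCRIPT_HOST = "script.google.com"
DROPBOX_DOMAIN = "dropbox.com"
WINDOW = timedelta(minutes=10)  # assumed correlation window

def refang(ioc):
    """Turn a defanged indicator such as a[.]b into a matchable hostname."""
    return ioc.strip().lower().replace("[.]", ".").rstrip(".")

def host_matches(host, domain):
    """Exact or subdomain match; avoids substring hits like 'notdropbox.com'."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def parse(line):
    """Assumed log format: ISO-timestamp client-ip host path"""
    ts, client, host, path = line.split(maxsplit=3)
    return datetime.fromisoformat(ts), client, host, path

def scan(lines):
    iocs = [refang(d) for d in IOC_DOMAINS]
    last_script = {}  # client -> time of its last Google Script request
    alerts = []
    for ts, client, host, path in sorted(map(parse, lines)):
        if any(host_matches(host, d) for d in iocs):
            alerts.append((client, "ioc-domain", host))
        elif host_matches(host, SCRIPT_HOST):
            last_script[client] = ts
        elif (host_matches(host, DROPBOX_DOMAIN)
              and path.lower().split("?")[0].endswith(".rar")
              and client in last_script
              and ts - last_script[client] <= WINDOW):
            alerts.append((client, "script-to-dropbox-rar", host))
    return alerts

# Constructed sample proxy log lines (not real telemetry).
SAMPLE = [
    "2023-07-01T09:00:00 10.0.0.5 script.google.com /macros/s/EXAMPLE/exec",
    "2023-07-01T09:00:04 10.0.0.5 www.dropbox.com /s/EXAMPLE/doc.rar?dl=1",
    "2023-07-01T09:05:00 10.0.0.7 www.dropbox.com /s/EXAMPLE/notes.rar?dl=1",
    "2023-07-01T09:30:00 10.0.0.9 LIBRARY-STORE.camdvr.org. /vpn.zip",
    "2023-07-01T09:31:00 10.0.0.9 library-store.camdvr.org.example.net /",
]
```

The Dropbox download on its own (client 10.0.0.7) is not flagged, since RAR files from Dropbox are common; only the sequence or the quoted domain raises an alert.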