Security News > 2024 > August > Threat Actors Increasingly Target macOS, Report Finds

Intel471's new report reveals macOS is increasingly targeted by threat actors, who develop specific malware for the operating system or use cross-platform languages to achieve their goals on macOS computers.

More malware than ever on macOS. Between January 2023 and July 2024, the researchers observed more than 40 threat actors targeting macOS systems with different malware types, the most popular being infostealers and trojans.

Multiple cybercriminals operate or advertise other infostealers targeting macOS. A threat actor nicknamed codehex advertised for a macOS infostealer dubbed ShadowVault, capable of stealing data from various Chrome-based browsers, files stored on compromised computers, and data from cryptocurrency wallets.

While different spyware providers have sold their services to state-sponsored threat actors, some of these threat actors do develop malware and tools aimed at macOS. North Korean threat actor BlueNoroff, for example, has developed a malicious loader known as RustBucket, developed for macOS and aimed at targeting financial institutions whose activities are related to cryptocurrencies.

Russian threat actors APT28, part of the Russian Main Directorate of the General Staff of the Armed Forces, and APT29, part of Russia's Foreign Intelligence Service, have also used macOS malware.

APT29 used the no-longer-supported Empire cross-platform remote administration and post-exploitation framework, enabling targeting of macOS. Vietnam-based threat actor APT32 also deployed a macOS backdoor used for targeting different organizations.

News URL

https://www.techrepublic.com/article/threat-actors-target-mac-os-2024/