Researchers at Jamf have revealed a new piece of macOS malware that appears to be connected to North Korean hackers, a group known for its attacks, particularly in the cryptocurrency sector, which are aimed mainly at stealing money to fund the regime's objectives and to circumvent economic sanctions.
macOS: new malware from North Korea comes in three variants
The malware was found on VirusTotal but, surprisingly, was reported as "clean". It was released in three versions: one written in Go, another in Python, and a third built with Flutter, Google's well-known open-source framework that lets developers create apps for iOS, Android and other platforms from a single code base written in Dart.
In this case, the malware poses as a simple Minesweeper-style game cloned directly from GitHub, with the malicious payload hidden in a dylib file. The hidden code attempts to connect to a command and control (C2) server at mbupdate[.]linkpc[.]net, a domain linked to past North Korean malware.
Fortunately, the server was no longer operating when Jamf examined it, returning only a "404 not found" error, so the attack was not fully successful. However, the malware was able to pass Apple's first line of security checks, which means that the macOS security mechanisms treated it as legitimate.
Note that the malware is configured to receive AppleScript commands sent by the server and execute them silently to avoid detection. In Jamf's tests it was confirmed that the malware could remotely run any AppleScript command sent from the C2 server, which could have given the hackers complete control of the compromised machine had the attack been fully carried out.
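As an added example (not code from Jamf's report), the following Python detector runs over constructed endpoint telemetry and flags the two behaviours described above: a process resolving the C2 domain, and AppleScript execution spawned by that same process. The log format and the sample events are assumptions made for the illustration.

```python
from dataclasses import dataclass

# Indicator from the article, refanged so it can be compared against real DNS telemetry.
C2_DOMAIN = "mbupdate.linkpc.net"

# Constructed sample telemetry (not real logs), one event per line: "kind|pid|ppid|key=value".
# proc events carry the executable path, dns events the queried name, script events the
# AppleScript source as reported by a hypothetical endpoint agent.
SAMPLE_EVENTS = """\
proc|401|1|image=/Applications/Minesweeper.app/Contents/MacOS/Minesweeper
dns|401|1|query=mbupdate.linkpc.net
script|402|401|text=do shell script "whoami"
proc|510|1|image=/Applications/Safari.app/Contents/MacOS/Safari
dns|510|1|query=www.apple.com
script|603|1|text=tell application "Finder" to activate
"""

@dataclass
class Finding:
    pid: int
    reason: str

def parse_events(text):
    """Turn the pipe-delimited sample lines into dicts keyed by kind, pid, ppid and the payload field."""
    events = []
    for line in text.splitlines():
        kind, pid, ppid, field = line.split("|", 3)
        key, value = field.split("=", 1)
        events.append({"kind": kind, "pid": int(pid), "ppid": int(ppid), key: value})
    return events

def matches_c2(name):
    # Match the domain itself and any label beneath it; tolerate a trailing dot from the resolver.
    name = name.lower().rstrip(".")
    return name == C2_DOMAIN or name.endswith("." + C2_DOMAIN)

def find_suspicious(events):
    """Flag processes that resolve the C2 domain, then AppleScript execution whose parent is one of them."""
    findings = []
    c2_pids = {e["pid"] for e in events if e["kind"] == "dns" and matches_c2(e["query"])}
    image = {e["pid"]: e["image"] for e in events if e["kind"] == "proc"}
    for pid in sorted(c2_pids):
        findings.append(Finding(pid, f"DNS query for C2 domain {C2_DOMAIN} by {image.get(pid, '?')}"))
    for e in events:
        if e["kind"] == "script" and e["ppid"] in c2_pids:
            findings.append(Finding(e["pid"], f"AppleScript run by child of C2-contacting pid {e['ppid']}: {e['text']!r}"))
    return findings

if __name__ == "__main__":
    for f in find_suspicious(parse_events(SAMPLE_EVENTS)):
        print(f.pid, f.reason)
```

Safari's benign DNS query and the unrelated Finder script are not reported, because only the correlation of C2 contact with script execution under the same process tree is treated as suspicious.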