Encircle News!

Retro Game Arcade
, , ,

Chinese hackers target Mac users with boosted Macma malware

TechRadar – All the latest technology news

Chinese cybercriminals known as Daggerfly (AKA Evasive Panda or Bronze Highland) have been observed targeting macOS users with an updated version of their proprietary malware

A report from Symantec claims the new variant was most likely introduced since older variants got too exposed.

The malware in question is called Macma. It is a macOS backdoor that was first observed in 2020, but it's still not known who built it. The researchers believe it had been used since at least 2019, mostly in watering hole attacks against compromised websites in Hong Kong. Being a modular backdoor, Macma’s key functionalities include device fingerprinting, executing commands, screen grabbing, keylogging, audio capture, and uploading/downloading files from the compromised systems.

Taiwanese and American targets

The discovery of recent Macma variants are testament of “ongoing development”, the researchers further explained, saying that they also observed a second version of Macma containing incremental updates to the existing functionality. 

Daggerfly was apparently using Macma against organizations in Taiwan and an American non-government organization in China.

In these attacks, it used more than just Macma. Symantec says they abused a vulnerability in an Apache HTTP server to also deploy their MgBot malware, a modular framework first observed back in 2008. In the past, MgBot was seen used in targeted attacks, mostly since it was exceptionally good at evading detection, while remaining persistent. 

The framework is designed to be highly adaptable, allowing operators to deploy various plugins and modules to perform different malicious activities depending on the target and objectives. These activities can include data theft, keylogging, capturing screenshots, and remote control of the infected system. 

Finally, Dggerfly used a Windows backdoor called Trojan.Suzafk, first documented by ESET in March this year (the researchers called it Nightdoor, or NetMM). Suzafk was developed using the same shared library used in Mgbot, Macma, and a number of other Daggerfly tools, Symantec added. Suzafk is a multi-staged backdoor capable of using TCP or OneDrive for C&C. 

Via BleepingComputer

More from TechRadar Pro

https://www.techradar.com/pro/security/chinese-hackers-target-mac-users-with-new-macma-malware

Leave a Reply

Your email address will not be published. Required fields are marked *

Follow Us

Featured Posts

July 2024
M T W T F S S
1234567
891011121314
15161718192021
22232425262728
293031  

About Us

Welcome to encircle News! We are a cutting-edge technology news company that is dedicated to bringing you the latest and greatest in everything tech. From automobiles to drones, software to hardware, we’ve got you covered.

At encircle News, we believe that technology is more than just a tool, it’s a way of life. And we’re here to help you stay on top of all the latest trends and developments in this ever-evolving field. We know that technology is constantly changing, and that can be overwhelming, but we’re here to make it easy for you to keep up.

We’re a team of tech enthusiasts who are passionate about everything tech and love to share our knowledge with others. We believe that technology should be accessible to everyone, and we’re here to make sure it is. Our mission is to provide you with fun, engaging, and informative content that helps you to understand and embrace the latest technologies.

From the newest cars on the road to the latest drones taking to the skies, we’ve got you covered. We also dive deep into the world of software and hardware, bringing you the latest updates on everything from operating systems to processors.

So whether you’re a tech enthusiast, a business professional, or just someone who wants to stay up-to-date on the latest advancements in technology, encircle News is the place for you. Join us on this exciting journey and be a part of shaping the future.

Podcasts

TWiT 989: Executive Laundry Folding Disorder – Crowdstrike, Prime Day, Stremaing the Olympics This Week in Tech (Audio)

Biden drops out of the race via tweet "CrowdStrike update that caused global outage likely skipped checks, experts say Amazon's Prime Day causes worker injuries, Senate probe finds Kaspersky Lab Closing U.S. Division; Laying Off Workers Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks The Paris Olympics Will Show Us the Future of Sports on TV Judge dismisses much of SEC suit against SolarWinds over cybersecurity disclosures FBI Used New Cellebrite Software to Access Trump Shooter's Phone Hundreds more Californians get housing with Apple's help Microsoft's new AI system 'SpreadsheetLLM' unlocks insights from spreadsheets, boosting enterprise productivity Bethesda Game Studios workers unionize under Communications Workers of America Host: Leo Laporte Guests: Lisa Schmeiser, Ashley Esqueda, and Anthony Ha Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: canary.tools/twit – use code: TWIT lookout.com mintmobile.com/twit NetSuite.com/TWIT motific.ai
  1. TWiT 989: Executive Laundry Folding Disorder – Crowdstrike, Prime Day, Stremaing the Olympics
  2. TWiT 988: Flaming Corn Maze – AT&T Breach, Galaxy Z Fold6, Olympic Disinfo
  3. TWiT 987: Often Plagiarized, Never Equalled – Sapce Junk, Threads Hits 175M Users, AIndependence
  4. TWiT 986: Our Dope GPS! – Supreme Court Decisions, Snapdragon X Elite Tests
  5. TWiT 985: TikTok With Wings – AT&T Landlines, US Bans Kaspersky and DJI