2024 macOS Malware Review | Infostealers, Backdoors, and APT Campaigns Targeting the Enterprise

Jan. 21, 2025, 9:51 a.m.

Description

In 2024, malware campaigns targeting macOS users in enterprise environments increased significantly. The threats ranged from infostealers disguised as business applications to modular backdoors and APT campaigns. Notable families included the Atomic (AMOS) infostealers, the Activator backdoor, LightSpy, BeaverTail, ToDoSwift, Hidden Risk, HZ RAT, the CloudChat infostealer, NotLockBit ransomware, CloudFake, and RustyAttr. Their tradecraft centred on credential theft, data exfiltration, and remote access. The growing use of cross-platform development frameworks, together with increasingly sophisticated techniques, shows that macOS is now a deliberate target for enterprise intrusions and underlines the need for endpoint detection and response coverage on Mac fleets.

Date

  • Created: Jan. 21, 2025, 9:23 a.m.
  • Published: Jan. 21, 2025, 9:23 a.m.
  • Modified: Jan. 21, 2025, 9:51 a.m.

Indicators

  • e02b3309c0b6a774a4d940369633e395b4c374dc3e6aaa64410cc33b0dcd67ac
  • aca17ec46730f5677d0d0a995b65504e97dce65da699fac1765db1933c97c7ec
  • a28af0684456c26da769a2e0d29c5a726e86388901370ddf15bd3b355597d564
  • 2e62c9850f331799f1e4893698295d0b069ab04529a6db1bfc4f193fe6aded2c
  • 14fe0071e76b23673569115042a961136ef057848ad44cf35d9f2ca86bd90d31
  • ffeed91c223a718c1afd6d8f059a76ec97eb0eae6c4b2072b343be1b4eba09b8
  • f3c101cd1e7be4ce6afe5d0236bfdd5b43870ff03556908f75692585cfd55c55
  • f39aafb9489b9b60b34e3d4e78cd9720446b6247531b81cbd4877804b065a25f
  • d9b0fcd3b20a82b97b4c74deebc7a2abb8fd771eaa12aaf66bdd5cdeaa30f706
  • d006d5864108094a82315ee60ce057afc8be09546ffaa1f9cc63a51a96764114
  • c689113a9a2fca2148caa90f71115c2c2bafeac36edebde4ffc63f87619033a9
  • 87393d937407a6fe9e69dad3836e83866107809980e20a40ae010d7d72f90854
  • 7af7422edf7c558b6215489c020673e195e5eedd99ae330bb90066924f5cf661
  • 6210ec0e905717359e01358118781a148b6d63834a54a25a95e32e228598c391
  • 5d78fc86a389247d768a6bdf46f3e4fd697ed87c133b99ee6865809e453b2908
  • 1e07585f52be4605be0459bc10c67598eebe8c5d003d6e2d42f4dbbd037e74c1
  • 1400210f2eedab36caff8ce89d6d19859ba3116775981b2be8b5069ef109c2c3
  • 0cca3449ff12cb75c9fd9cf4628b5d72f5ac67d1954dc97d9830436207c4c917
  • 43.156.13.232
  • 45.77.179.89
  • 45.140.147.208
  • matuaner.com
  • buy2x.com
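An added example, not code from the original report: a Python IOC sweep over the indicators listed above. It classifies each entry by type (SHA-256, IPv4, domain), hashes every file under a directory against the SHA-256 set, and checks log lines for the listed IPs and domains, including subdomains of them and trailing-dot FQDNs as resolver logs write them. The log lines and the planted file are constructed for the demonstration, and the `cdn.` host is a hypothetical subdomain; because the planted file is not a real sample, its own hash is added to the hash set so the file sweep has something to match.

```python
import hashlib
import ipaddress
import os
import re
import tempfile
# Indicators copied from the page: 18 SHA-256 hashes, 3 IPv4 addresses, 2 domains.
PAGE_IOCS = """
e02b3309c0b6a774a4d940369633e395b4c374dc3e6aaa64410cc33b0dcd67ac
aca17ec46730f5677d0d0a995b65504e97dce65da699fac1765db1933c97c7ec
a28af0684456c26da769a2e0d29c5a726e86388901370ddf15bd3b355597d564
2e62c9850f331799f1e4893698295d0b069ab04529a6db1bfc4f193fe6aded2c
14fe0071e76b23673569115042a961136ef057848ad44cf35d9f2ca86bd90d31
ffeed91c223a718c1afd6d8f059a76ec97eb0eae6c4b2072b343be1b4eba09b8
f3c101cd1e7be4ce6afe5d0236bfdd5b43870ff03556908f75692585cfd55c55
f39aafb9489b9b60b34e3d4e78cd9720446b6247531b81cbd4877804b065a25f
d9b0fcd3b20a82b97b4c74deebc7a2abb8fd771eaa12aaf66bdd5cdeaa30f706
d006d5864108094a82315ee60ce057afc8be09546ffaa1f9cc63a51a96764114
c689113a9a2fca2148caa90f71115c2c2bafeac36edebde4ffc63f87619033a9
87393d937407a6fe9e69dad3836e83866107809980e20a40ae010d7d72f90854
7af7422edf7c558b6215489c020673e195e5eedd99ae330bb90066924f5cf661
6210ec0e905717359e01358118781a148b6d63834a54a25a95e32e228598c391
5d78fc86a389247d768a6bdf46f3e4fd697ed87c133b99ee6865809e453b2908
1e07585f52be4605be0459bc10c67598eebe8c5d003d6e2d42f4dbbd037e74c1
1400210f2eedab36caff8ce89d6d19859ba3116775981b2be8b5069ef109c2c3
0cca3449ff12cb75c9fd9cf4628b5d72f5ac67d1954dc97d9830436207c4c917
43.156.13.232
45.77.179.89
45.140.147.208
matuaner.com
buy2x.com
"""
SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
DOMAIN_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$")
TOKEN_RE = re.compile(r"[a-z0-9.-]+")  # hosts, IPs and hashes as they appear in a lowercased log line

def classify(ioc):
    """Type of one normalised (lowercase, refanged) indicator: sha256, ipv4, domain or unknown."""
    if SHA256_RE.match(ioc):
        return "sha256"
    try:
        ipaddress.IPv4Address(ioc)
        return "ipv4"
    except ValueError:
        return "domain" if DOMAIN_RE.match(ioc) else "unknown"

def load_iocs(text):
    """Bucket indicators by type after undoing '[.]' defanging; unrecognised entries are kept for review."""
    buckets = {"sha256": set(), "ipv4": set(), "domain": set(), "unknown": set()}
    for line in text.splitlines():
        line = line.strip().lower().replace("[.]", ".")
        if line:
            buckets[classify(line)].add(line)
    return buckets

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):  # stream, so large DMGs do not load into memory
            h.update(block)
    return h.hexdigest()

def sweep_files(root, hashes):
    """Hash every regular file under root (symlinks skipped); return [(path, sha256)] for matches."""
    paths = (os.path.join(d, n) for d, _, names in os.walk(root) for n in names)
    digests = ((p, sha256_file(p)) for p in paths if os.path.isfile(p) and not os.path.islink(p))
    return [(p, h) for p, h in digests if h in hashes]

def sweep_log(lines, iocs):
    """Find listed IPv4s and domains (or their subdomains) in log lines: [(line_no, token, type)]."""
    hits = []
    for n, line in enumerate(lines, 1):
        for tok in TOKEN_RE.findall(line.lower()):
            tok = tok.rstrip(".")  # resolver logs often write FQDNs with a trailing dot
            if tok in iocs["ipv4"]:
                hits.append((n, tok, "ipv4"))
            elif any(tok == d or tok.endswith("." + d) for d in iocs["domain"]):
                hits.append((n, tok, "domain"))
    return hits

# Constructed resolver/firewall-style lines, not real telemetry; 'cdn.' is a hypothetical subdomain.
SAMPLE_LOG = [
    "2024-11-02T10:14:03Z dns query=cdn.matuaner.com. type=A client=10.0.0.12",
    "2024-11-02T10:14:04Z fw allow 10.0.0.12:51723 -> 45.140.147.208:443 tcp",
    "2024-11-02T10:14:09Z dns query=apple.com. type=A client=10.0.0.12",
]

def demo():
    """Run both sweeps. The planted file is constructed, so its own hash is added to the set to show a hit."""
    iocs = load_iocs(PAGE_IOCS)
    with tempfile.TemporaryDirectory() as root:
        planted = os.path.join(root, "Installer.dmg")
        with open(planted, "wb") as f:
            f.write(b"constructed sample file, not a real payload\n")
        file_hits = sweep_files(root, iocs["sha256"] | {sha256_file(planted)})
    return file_hits, sweep_log(SAMPLE_LOG, iocs)
```

Run `demo()` to see one file hit and two log hits (the subdomain of matuaner.com and the 45.140.147.208 connection); the apple.com line produces nothing. Domain matching is suffix-based on purpose: C2 infrastructure is usually contacted through a hostname under the listed domain, and exact matching would miss it. Anything that fails classification lands in the `unknown` bucket rather than being dropped, so a defanged URL or a malformed hash in a feed is visible at triage time.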

Attack Patterns

  • HZ RAT
  • LightSpy
  • BeaverTail
  • BlueNoroff

Additional Information

  • Crypto
  • Cryptocurrency
  • Finance