LightSpy Malware Variant Targeting macOS
May 1, 2024, 11:07 p.m.
Tags
External References
Description
This report details the discovery of a macOS variant of the LightSpy malware, previously known to target iOS and Android devices. The macOS implant consists of a dropper that downloads and runs a core implant dylib, which in turn loads various plugins to accomplish malicious tasks. The report provides a technical analysis of the malware components, including the droppers, implants, and plugins, highlighting key differences from the iOS version. It also discusses the communication with the command-and-control (C2) server and the data collection capabilities of the malware. The report aims to raise awareness about the evolving threats targeting the macOS platform.
Date
Published: April 29, 2024, 6:41 p.m.
Created: April 29, 2024, 6:41 p.m.
Modified: May 1, 2024, 11:07 p.m.
Indicators
fc7e77a56772d5ff644da143718ee7dbaf7a1da37cceb446580cd5efb96a9835
d2ccbf41552299b24f186f905c846fb20b9f76ed94773677703f75189b838f63
ac6d34f09fcac49c203e860da00bbbe97290d5466295ab0650265be242d692a6
65aa91d8ae68e64607652cad89dab3273cf5cd3551c2c1fda2a7b90aed2b3883
5fb67d42575151dd2a04d7dda7bd9331651c270d0f4426acd422b26a711156b5
4b973335755bd8d48f34081b6d1bea9ed18ac1f68879d4b0a9211bbab8fa5ff4
4511567b33915a4c8972ef16e5d7de89de5c6dffe18231528a1d93bfc9acc59f
3d6ef4d88d3d132b1e479cf211c9f8422997bfcaa72e55e9cc5d985fd2939e6d
18bad57109ac9be968280ea27ae3112858e8bc18c3aec02565f4c199a7295f3a
0f66a4daba647486d2c9d838592cba298df2dbf38f2008b6571af8a562bc306c
0f662991dbd0568fc073b592f46e60b081eedf0c18313f2c3789e8e3f7cb8144
103.27.109.217
Attack Patterns
LightSpy
APT 41
T1598.001
T1592.003
T1592.001
T1071.002
T1001.003
T1588.001
T1592.002
T1003.002
T1003.001
T1497.001
T1071.001
T1070.004
T1562.001
T1070
T1083
T1033