LightSpy Malware Variant Targeting macOS
May 1, 2024, 11:07 p.m.
Description
This report details the discovery of a macOS variant of the LightSpy malware, previously known to target iOS and Android devices. The macOS implant consists of a dropper that downloads and runs a core implant dylib, which in turn loads various plugins to accomplish malicious tasks. The report provides a technical analysis of the malware components, including the droppers, implants, and plugins, highlighting key differences from the iOS version. It also discusses the communication with the command-and-control (C2) server and the data collection capabilities of the malware. The report aims to raise awareness about the evolving threats targeting the macOS platform.
Tags
Date
- Created: April 29, 2024, 6:41 p.m.
- Published: April 29, 2024, 6:41 p.m.
- Modified: May 1, 2024, 11:07 p.m.
Indicators
- fc7e77a56772d5ff644da143718ee7dbaf7a1da37cceb446580cd5efb96a9835
- d2ccbf41552299b24f186f905c846fb20b9f76ed94773677703f75189b838f63
- ac6d34f09fcac49c203e860da00bbbe97290d5466295ab0650265be242d692a6
- 65aa91d8ae68e64607652cad89dab3273cf5cd3551c2c1fda2a7b90aed2b3883
- 5fb67d42575151dd2a04d7dda7bd9331651c270d0f4426acd422b26a711156b5
- 4b973335755bd8d48f34081b6d1bea9ed18ac1f68879d4b0a9211bbab8fa5ff4
- 4511567b33915a4c8972ef16e5d7de89de5c6dffe18231528a1d93bfc9acc59f
- 3d6ef4d88d3d132b1e479cf211c9f8422997bfcaa72e55e9cc5d985fd2939e6d
- 18bad57109ac9be968280ea27ae3112858e8bc18c3aec02565f4c199a7295f3a
- 0f66a4daba647486d2c9d838592cba298df2dbf38f2008b6571af8a562bc306c
- 0f662991dbd0568fc073b592f46e60b081eedf0c18313f2c3789e8e3f7cb8144
- 103.27.109.217
Attack Patterns
- LightSpy
- APT 41
- T1598.001
- T1592.003
- T1592.001
- T1071.002
- T1001.003
- T1588.001
- T1592.002
- T1003.002
- T1003.001
- T1497.001
- T1071.001
- T1070.004
- T1562.001
- T1070
- T1083
- T1033