New macOS malware gives attackers backdoor access to Macs

Sept. 16, 2024, 10:28 a.m.

Description

A new remote access Trojan (RAT) targeting macOS systems, dubbed HZ RAT, grants remote attackers complete control over infected Macs. The malware collects sensitive data, such as installed apps, user information from WeChat and DingTalk, and Google Password Manager credentials. It's suspected of spreading through malicious VPN apps and malvertising campaigns. Precautions like using trusted antivirus software and downloading apps from official sources are recommended to mitigate the threat.

Date

  • Created: Sept. 16, 2024, 9:56 a.m.
  • Published: Sept. 16, 2024, 9:56 a.m.
  • Modified: Sept. 16, 2024, 10:28 a.m.

Indicators

Attack Patterns

  • HZ RAT
  • T1124
  • T1213
  • T1555
  • T1573
  • T1518
  • T1057
  • T1083
  • T1219
  • T1056
  • T1563