New macOS malware gives attackers backdoor access to Macs
Sept. 16, 2024, 10:28 a.m.
Description
A new remote access Trojan (RAT) targeting macOS systems, dubbed HZ RAT, grants remote attackers complete control over infected Macs. The malware collects sensitive data, such as installed apps, user information from WeChat and DingTalk, and Google Password Manager credentials. It's suspected of spreading through malicious VPN apps and malvertising campaigns. Precautions like using trusted antivirus software and downloading apps from official sources are recommended to mitigate the threat.
Date
Published: Sept. 16, 2024, 9:56 a.m.
Created: Sept. 16, 2024, 9:56 a.m.
Modified: Sept. 16, 2024, 10:28 a.m.
Indicators
Attack Patterns
HZ RAT
T1124
T1213
T1555
T1573
T1518
T1057
T1083
T1219
T1056
T1563