Self-Proclaimed Meeting Software Vortax Spreads Infostealers, Unveils Expansive Network of Malicious macOS Applications

June 20, 2024, 12:42 p.m.

Description

While monitoring data in Recorded Future Malware Intelligence, Insikt Group identified purported virtual meeting software called Vortax that, upon download and installation, delivers three information stealers (“infostealers”) in cross-platform attacks — Rhadamanthys, Stealc, and, most notably, Atomic macOS Stealer (AMOS) — in an extensive campaign aimed at cryptocurrency theft.

Date

  • Created: June 20, 2024, 12:26 p.m.
  • Published: June 20, 2024, 12:26 p.m.
  • Modified: June 20, 2024, 12:42 p.m.

Indicators

Attack Patterns

  • AMOS
  • Atomic macOS
  • StealC
  • Rhadamanthys
  • T1444
  • T1041