Self-Proclaimed Meeting Software Vortax Spreads Infostealers, Unveils Expansive Network of Malicious macOS Applications
June 20, 2024, 12:42 p.m.
Tags
External References
Description
While monitoring data in Recorded Future Malware Intelligence, Insikt Group identified purported virtual meeting software called Vortax that, upon download and installation, delivers three information stealers (“infostealers”) in cross-platform attacks — Rhadamanthys, Stealc, and, most notably, Atomic macOS Stealer (AMOS) — in an extensive campaign aimed at cryptocurrency theft.
Date
Published: June 20, 2024, 12:26 p.m.
Created: June 20, 2024, 12:26 p.m.
Modified: June 20, 2024, 12:42 p.m.
Indicators
f9785743539fdfb2199b53be57f86d5dba5c0cd3dfad1130de1532f92e0c7c4f
f3176e0859ba92049dcd57685c1b5f49b97183ff49fcc79f2ce4ad2b31d2d843
eb74c9dd0a0e3ea3cb31338c55e9e630fdee964a7b5967efcdfa8daa26a0f129
dee705f4a513081afe9ab682b832068ac558ad3145038e57edc8109ab0e80769
c34f8b6a299dd867a8d00b4fc50d91d9fdde4aa36f7c2a444aab4601dd4238e1
be7e5707e5e399aedcfb2800d7039ff050500be3bafd217ca9200abed8bef03f
bde29a5215e685805f00fee5f03de3478f8214195ecf93fb81562bcd6122149d
b1817f23b4b0b09cd7db9e90eac166ddf0de9d22aaf69f17308da43854604d9e
9f676511cb9b35e2916ebf79aec6b4aa6514f8bf640ea2fe786d16a7ed8dab7b
93463142e354b05bbac20b9e9498ee5f8c9ea2488151ee6870189baab0b7e2ff
922afb7de0159e7b435290868c51f33c59e0990ec964f77de9201534e4232117
8fb5de2498e48338825253f9d165986403661003393278d93cb35f5f9a1549dc
8e6176eaea919bae5b75000244474d8310a7b8d59806fca133d78f5343839d76
856979042a3c1f61050cc08e8f11856dc714ec16969bd0fc562fd47c9e6c8e4c
750baf928763a60343f8d48e45c4a4ca8da1243add410821b51484242571d089
7f6f85e1ae4186edc9bf821943893b183a6a9252b0899d682c1899201dffc496
73c099168755acbc793675a5e64ca719f909cd1943db5757af96b2c1c79ae6d8
7225d5fde4daa4552daf67a0ac2f6d7ec0e768536c5377ee3e7beaa04603a6f5
5d6075e33a168dfa44492dbec5462c6142399b708ec0d038e3e1869141e6b378
5d45cc81a22e6ba596b12db4baec5b20ccbe9ce52f8258fa5690da0e5ef2a982
5a441a59fe273161ff82cbe2a7fbddd21386481ad03cc1782b5b41b6b839c245
4b35a3872589f44c43469cf73c54b525506f6cc894598d109c5f931923c6eba9
05219c02d66daad246eab2abccc35384c34f17ce1daa2fee21cf0bfee88e31b2
79.137.197.159
89.105.198.134
77.221.151.54
193.233.132.137
xhaxo.com
weworkhappy.com
vortax.space
vortax.org
vortax.io
tripleplay-arg1.com
showpiecekennelmating.com
shinudating.com
repairleatherla.com
plumbonwater.com
piloje.com
pegamente.com
nongduangmarket.com
novatercaagilidade.com
msjessd.com
marylandhomerates.com
iuddy.com
institutoangelabatista.com
indianahomerates.com
hobbyplanners.com
garagemfinity.com
faruvinnovations.com
eliteneatproductshop.com
ebolight.com
deskpaypal.com
crosstacks.com
crosscertify.com
cheapcleanprotein.com
casino-legrand.info
betbhaibetting.com
assetsreserve.com
aidigibrain.com
123mllhasbrasil.com
Attack Patterns
AMOS
Atomic macOS
StealC
Rhadamanthys
T1444
T1041