Research by: Jiri Vinopal
Key Points: Check Point Research (CPR) provides an introduction to .NET managed hooking using the Harmony library. We cover the most common examples of implementation using different types of Harmony patches. The practical example using Harmony hooking to defeat the notorious “ConfuserEx2” obfuscator results in the “ConfuserEx2_String_Decryptor” tool.…
Tag: MACOS
Today will be a quick post on a TA444 (aka Sapphire Sleet, BLUENOROFF, STARDUST CHOLLIMA) Mach-O family tracked as SpectralBlur that we found in August, and how finding it led us to stumble upon an early iteration of KANDYKORN (aka SockRacket). Please read Elastic’s EXCELLENT piece on that family.…
Earlier this year, we discussed how threat actors have been turning to scripting languages as a preferred means of both dropping malware and executing payloads. That trend has continued with some interesting innovations in response to the static detection signatures now widely in use both by Apple and other vendors.…
Recently, researchers at K7 Labs found a website that was ostensibly providing cracked software for macOS. The website appears well done and claims to provide safe, fast and free software. But in reality people were unintentionally downloading the Pirrit adware. The name of the site was crack(-)mac(.)com.…
At the end of May 2023, JPCERT/CC confirmed an attack targeting developers of cryptocurrency exchange businesses, and it is considered to be related to the targeted attack group DangerousPassword [1], [2] (a.k.a. CryptoMimic or SnatchCrypto), which has been continuously attacking since June 2019. This attack targeted Windows, macOS, and Linux environments with Python and Node.js…
On March 29, Crowdstrike published a report about a supply chain attack conducted via 3CXDesktopApp, a popular VoIP program. Since then, the security community has started analyzing the attack and sharing their findings. The following has been discovered so far:
The infection is spread via 3CXDesktopApp MSI installers.…
Specialists at the Russian company Dr Web found malicious software targeting the macOS operating system that allows attackers to download and execute arbitrary Python code on the user’s device. In addition, the sites distributing this malware also infected Windows users with a dangerous spyware Trojan.
According to Dr Web, its experts discovered the new threat on April 29.…