The ClickFix campaign utilizes social engineering tactics to deploy malware on Windows and macOS platforms by presenting fake Google Meet error messages. Users are tricked into downloading malware disguised as troubleshooting files. This campaign highlights the dangers of browser-based attacks and the need for enhanced security measures.…

Summary: Cybersecurity researchers have identified malicious npm packages impersonating the Nomic Foundation’s Hardhat tool, designed to steal sensitive data from developers. These packages exploit trust in open source plugins to exfiltrate critical information such as private keys and mnemonics.

Threat Actor: _lain. Victim: developers using npm packages.

Key Point:

Malicious npm packages impersonating legitimate tools have been found, with one package attracting over 1,000 downloads.…

Summary: Researchers at Socket have identified malicious campaigns that exploit Out-of-Band Application Security Testing (OAST) techniques, traditionally used for ethical hacking, to exfiltrate sensitive data and establish command-and-control channels. This misuse of OAST tools poses significant risks to developers and organizations by leveraging trusted package ecosystems like npm, PyPI, and RubyGems.…

Lazarus, a highly active APT organization, targets financial institutions and cryptocurrency exchanges using sophisticated attack methods. Their recent weaponization of the IPMsg installer demonstrates their technical prowess in social engineering and malware deployment. #LazarusAPT #CyberThreat #MalwareAnalysis

Key Points:

Lazarus is known for its advanced persistent threat (APT) tactics.…

Summary: A critical security vulnerability (CVE-2025-22275) has been identified in iTerm2, a terminal emulator for macOS, allowing unauthorized access to sensitive user data due to improper logging during SSH sessions. Users are urged to update to version 3.5.11 to mitigate risks associated with this flaw.

Threat Actor: unknown. Victim: iTerm2 users.

Key Point:

A vulnerability in iTerm2 versions 3.5.6 to 3.5.10 could expose sensitive data due to improper logging.…

Summary: Researchers from Korea University have introduced “SysBumps,” a groundbreaking attack that successfully breaks Kernel Address Space Layout Randomization (KASLR) on macOS systems using Apple Silicon. This vulnerability exposes critical kernel memory addresses, posing significant risks to macOS users despite Apple’s enhanced security measures.

Threat Actor: unprivileged attackers. Victim: macOS users.

Key Point:

SysBumps exploits speculative execution vulnerabilities in macOS system calls.…

This article outlines critical vulnerabilities affecting various software products, including Citrix, Cisco, Fortinet, and Microsoft. Threat actors are exploiting these vulnerabilities, such as CVE-2023-3519 and CVE-2023-34362, to gain unauthorized access and execute malicious activities. Regular updates and security patches are essential to mitigate these risks. #CyberSecurity #VulnerabilityManagement #ThreatIntelligence

Key Points:

Multiple critical vulnerabilities identified across various software products.…

Socket researchers reveal the misuse of Out-of-Band Application Security Testing (OAST) techniques by threat actors to exfiltrate sensitive data across npm, PyPI, and RubyGems ecosystems. These malicious packages leverage OAST services to perform stealthy data exfiltration and reconnaissance in developer environments. #OAST #CyberSecurity #Malware

Key Points:

Threat actors are weaponizing OAST techniques to exfiltrate sensitive data.…

Summary: A new Android malware named FireScam has been identified as an information stealer and spyware, capable of harvesting sensitive information from various applications. It is distributed through a phishing website disguised as the legitimate ‘Telegram Premium’ application, targeting devices running Android 8 and newer.

Threat Actor: unknown (FireScam). Victim: Android users.

Key Point:

FireScam is distributed via a phishing website that mimics the RuStore application store.…

### #Web3Security #MeetenMalware #CryptoTheft

Summary: Cybercriminals are exploiting the Web3 sector by using fake business meetings to distribute malware that targets cryptocurrency assets. Dubbed “Meeten,” this campaign employs sophisticated social engineering tactics to lure victims into downloading malicious software.

Threat Actor: cybercriminals (Meeten). Victim: Web3 professionals.

Key Point:

The “Meeten” campaign uses fraudulent video conferencing software to distribute Realst stealer malware targeting both Windows and macOS systems.…

### #BansheeStealer #MalwareLeak #MacOSThreats

Summary: The source code for the macOS malware Banshee Stealer has been leaked and published on GitHub, leading to the shutdown of its operations by its developers. This malware, which targeted sensitive data, was previously promoted by Russian hackers.

Threat Actor: Russian hackers. Victim: Banshee Stealer users.

Key Point:

Source code for Banshee Stealer was leaked and published by VXunderground on GitHub.…

### #MacOSMalware #BANSHEEStealer #MaaSThreats

Summary: In August 2024, Russian hackers released BANSHEE Stealer, a macOS malware designed to steal sensitive data from browsers and cryptocurrency wallets. The malware’s source code was later leaked, leading to the shutdown of its operations.

Threat Actor: Russian hackers. Victim: macOS users.

Key Point:

BANSHEE Stealer targets both x86_64 and ARM64 architectures, capable of stealing data from nine different browsers.…

### #AppleSecurity #ThreatAnalysis #ZeroDayVulnerabilities

Summary: Apple has released critical security updates addressing two actively exploited vulnerabilities in its operating systems, discovered by Google’s Threat Analysis Group. The vulnerabilities, CVE-2024-44308 and CVE-2024-44309, primarily affect Intel-based Mac systems and could allow for arbitrary code execution.

Threat Actor: government-backed hackers. Victim: Apple Inc.…


### #CyberSecurity #Malware #AIThreats

Summary: Fake AI image and video generators are being used to distribute Lumma Stealer and AMOS malware, targeting Windows and macOS systems to steal sensitive information such as credentials and cryptocurrency wallets. These malicious sites impersonate a legitimate AI application, tricking users into downloading harmful software.…


Summary: Researchers at Group-IB have uncovered a new stealth technique used by the North Korean APT group Lazarus, which targets macOS systems through a code-smuggling method that utilizes custom extended attributes to evade antivirus detection. This method involves the deployment of a Trojan named RustyAttr, developed with the Tauri framework, allowing the malware to operate discreetly while distracting users with decoy applications.…


Summary: Zoom has addressed six vulnerabilities in its video conferencing platform, including two high-severity issues that could allow remote attackers to escalate privileges or leak sensitive information. The vulnerabilities affect various Zoom applications and require updates to mitigate risks.

Threat Actor: remote attackers. Victim: Zoom.

Key Point:

Two high-severity vulnerabilities (CVE-2024-45421 and CVE-2024-45419) allow privilege escalation and information disclosure.…