216.73.217.22

2024 macOS Malware Review | Infostealers, Backdoors, and APT Campaigns Targeting the Enterprise

· Published 21/01/2025 09:23 · Modified 21/01/2025 09:51

Export JSON

Essential information

Published
21/01/2025 09:23
Modified
21/01/2025 09:51
Tags
2025-01-21 macos
Related entities
23 observables, 9 techniques (mitre), 6 malware, 3 others

Description

The year 2024 saw a significant increase in malware campaigns targeting users in enterprise environments. Threats included infostealers disguised as business apps, sophisticated modular backdoors, and APT activities. Notable malware families included Amos Atomic infostealers, Backdoor Activator, LightSpy, BeaverTail, ToDoSwift, Hidden Risk, HZ RAT, CloudChat Infostealer, NotLockBit ransomware, CloudFake, and RustyAttr. These threats employed various tactics such as credential theft, data exfiltration, and remote access capabilities. The rise in cross-platform development frameworks and sophisticated attack techniques indicates a growing focus on as a target for enterprise attacks, highlighting the need for robust endpoint detection and response capabilities.

Related entities

Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.

Observables (23)

  • 43.156.13.232
  • 45.77.179.89
  • 45.140.147.208
  • matuaner.com
  • buy2x.com
  • e02b3309c0b6a774a4d940369633e395b4c374dc3e6aaa64410cc33b0dcd67ac
  • aca17ec46730f5677d0d0a995b65504e97dce65da699fac1765db1933c97c7ec
  • a28af0684456c26da769a2e0d29c5a726e86388901370ddf15bd3b355597d564
  • 2e62c9850f331799f1e4893698295d0b069ab04529a6db1bfc4f193fe6aded2c
  • 14fe0071e76b23673569115042a961136ef057848ad44cf35d9f2ca86bd90d31
  • ffeed91c223a718c1afd6d8f059a76ec97eb0eae6c4b2072b343be1b4eba09b8
  • f3c101cd1e7be4ce6afe5d0236bfdd5b43870ff03556908f75692585cfd55c55
  • f39aafb9489b9b60b34e3d4e78cd9720446b6247531b81cbd4877804b065a25f
  • d9b0fcd3b20a82b97b4c74deebc7a2abb8fd771eaa12aaf66bdd5cdeaa30f706
  • d006d5864108094a82315ee60ce057afc8be09546ffaa1f9cc63a51a96764114
  • c689113a9a2fca2148caa90f71115c2c2bafeac36edebde4ffc63f87619033a9
  • 87393d937407a6fe9e69dad3836e83866107809980e20a40ae010d7d72f90854
  • 7af7422edf7c558b6215489c020673e195e5eedd99ae330bb90066924f5cf661
  • 6210ec0e905717359e01358118781a148b6d63834a54a25a95e32e228598c391
  • 5d78fc86a389247d768a6bdf46f3e4fd697ed87c133b99ee6865809e453b2908
  • 1e07585f52be4605be0459bc10c67598eebe8c5d003d6e2d42f4dbbd037e74c1
  • 1400210f2eedab36caff8ce89d6d19859ba3116775981b2be8b5069ef109c2c3
  • 0cca3449ff12cb75c9fd9cf4628b5d72f5ac67d1954dc97d9830436207c4c917

Techniques (MITRE) (9)

  • T1530
    Data from Cloud Storage
  • T1123
    Audio Capture
  • T1564
    Hide Artifacts
  • T1102
    Web Service
  • T1036
    Masquerading
  • T1140
    Deobfuscate/Decode Files or Information
  • T1553
    Subvert Trust Controls
  • T1566
    Phishing
  • T1059
    Command and Scripting Interpreter

Malware (6)

  • HZ
    Family
    Published 21/01/2025 09:23 · Modified 21/01/2025 09:23
  • Init
    Family
    Published 21/01/2025 09:23 · Modified 21/01/2025 09:23
  • C++
    Family
    Published 21/01/2025 09:23 · Modified 21/01/2025 09:23
  • LightSpy
    Family
    Published 21/02/2025 15:28 · Modified 21/02/2025 15:28
  • BeaverTail
    Family
    Published 21/04/2026 12:09 · Modified 21/04/2026 12:09
  • BlueNoroff
    Family
    Published 21/01/2025 09:23 · Modified 21/01/2025 09:23

Others (3)

  • Crypto
  • Cryptocurrency
  • Finance

External references