LightSpy Malware Variant Targeting macOS
Essential information
Description
This report details the discovery of a macOS variant of the LightSpy malware, previously known to target iOS and Android devices. The macOS implant consists of a dropper that downloads and runs a core implant dylib, which in turn loads various plugins to accomplish malicious tasks. The report provides a technical analysis of the malware components, including the droppers, implants, and plugins, highlighting key differences from the iOS version. It also discusses the communication with the command-and-control (C2) server and the data collection capabilities of the malware. The report aims to raise awareness about the evolving threats targeting the macOS platform.