Researchers Discover Pirated macOS Apps Similar to ZuRu Malware [Friday, January 19, 2024]


Description :
Researchers have detected a series of pirated macOS applications that have been modified to communicate with attacker infrastructure. These applications are hosted on Chinese piracy websites in order to gain victims. Once detonated, the malware downloads and executes multiple payloads in the background to secretly compromise the victim's machine.

Published : 2024-01-19 19:08:13
Created : 2024-01-19 19:08:13
Modified : 2024-01-19 19:29:23

Indicators

Malwares :
  • Khepri
  • ZuRu
Hashes :
  • bd.vscode.digital
About the author
Julien B.

Securitricks
