2024 macOS Malware Review | Infostealers, Backdoors, and APT Campaigns Targeting the Enterprise
Across 2024, we saw a sharp rise in malware campaigns aimed at macOS users in the enterprise. From infostealers masquerading as business and productivity apps to sophisticated modular backdoors, not to mention plenty of APT activity, threat actors were busier than ever developing and deploying malware to compromise organizations and steal sensitive data.
In this post, we survey the key macOS malware families appearing in 2024. For each, we provide a short synopsis highlighting the tactics, indicators of compromise, and opportunities for detection, along with links to further reading, to help security teams and researchers stay on top of an expanding macOS threat landscape.
For all of these threats, SentinelOne customers are protected by the Singularity platform.
InfoStealers | Amos Atomic, Banshee, Cuckoo, Poseidon & Friends
There were so many stealers running rampant throughout 2024 that to cover them all individually would require a post of its own. Fortunately, that’s one we’ve already written: …
IoC