
APT Actors Embed Malware within macOS Flutter Applications

2024-11-12, Jamf
https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/
#Flutter #macOS

Contents

Jamf Threat Labs discovered malware samples, believed to be tied to the Democratic People's Republic of Korea (DPRK), aka North Korea, that evaded scans for malicious code by using obfuscation techniques to hide from various checks. JTL takes a deep dive into how the malicious code works, to remain vigilant against this potentially new method of targeting macOS devices and users.
November 12, 2024, by Jamf Threat Labs
By Ferdous Saljooki and Jaron Bradley
Introduction
Earlier this month, Jamf Threat Labs discovered samples uploaded to VirusTotal that are reported as clean despite showing malicious intent. The domains and techniques in the malware align closely with those used in other DPRK malware and show signs that, at one point in time, the malware was signed and had even temporarily passed Apple’s notarization process. It’s unclear in this case if the malware has been used against any targets …

IoC
