lazarusholic


Detecting macOS.GMERA Malware Through Behavioral Inspection

2019-09-25, SentinelOne
https://labs.sentinelone.com/detecting-macos-gmera-malware-through-behavioral-inspection/
#GMERA #macOS

Recently, researchers at Trend Micro spotted a new piece of in-the-wild macOS malware that spoofs a genuine stock market trading app to open a backdoor and run malicious code. In this post, we first give an overview of how the malware works, and then use this as an example to discuss different detection and response strategies, with a particular emphasis on explaining the principles and advantages of using behavioral detection on macOS.
An Overview of GMERA Malware
Let’s begin by taking a look at the technical details of this new piece of macOS malware.
Two variants were initially discovered by researchers who identified them as GMERA.A and GMERA.B. In this post, we will focus on the interesting points in a particular sample of GMERA.B that pertain to detection and response.
Our sample, which was not analyzed in the previous research, is:
d2eaeca25dd996e4f34984a0acdc4c2a1dfa3bacf2594802ad20150d52d23d68
Despite having been on VirusTotal for 9 days already, and that the initial Trend …

IoC

193.37.212.176
d2eaeca25dd996e4f34984a0acdc4c2a1dfa3bacf2594802ad20150d52d23d68
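Matching a file hash and a C2 address is the signature-style triage the post contrasts with behavioral detection: it confirms the exact sample listed above on a host, and nothing else. The script below is an added example, not SentinelOne's or Trend Micro's code. It walks a directory computing SHA-256 against the hash from the IoC section and parses the output of macOS `lsof -nP -iTCP` for established connections to the listed address. The lsof lines, process names, local addresses and the remote port are constructed sample data; only the hash and the IP are taken from the page.

```python
import hashlib
import re
from pathlib import Path
from typing import Dict, Iterable, List

# Indicators quoted from the IoC section above.
GMERA_SHA256 = "d2eaeca25dd996e4f34984a0acdc4c2a1dfa3bacf2594802ad20150d52d23d68"
GMERA_C2_IP = "193.37.212.176"

# Constructed sample of `lsof -nP -iTCP` output (process names, local
# addresses and the remote port are made up for the example).
SAMPLE_LSOF = """\
COMMAND     PID USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
Safari     4242 alice  23u  IPv4 0x1f2e3d4c5b6a7980      0t0  TCP 10.0.0.5:49310->93.184.216.34:443 (ESTABLISHED)
launchd       1 root    9u  IPv6 0x1f2e3d4c5b6a7981      0t0  TCP *:22 (LISTEN)
bash       5150 alice   3u  IPv4 0x1f2e3d4c5b6a7982      0t0  TCP 10.0.0.5:49411->193.37.212.176:8080 (ESTABLISHED)
"""


def sha256_of_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream a file through SHA-256 so a large app bundle is never read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def find_hash_matches(root: Path, wanted: Iterable[str]) -> List[Path]:
    """Return every regular file under `root` whose SHA-256 is in `wanted`.

    Symlinks are skipped so a link into /System cannot make the sweep
    re-hash the whole OS; unreadable files are skipped rather than aborting.
    """
    wanted_set = {w.lower() for w in wanted}
    hits: List[Path] = []
    for p in root.rglob("*"):
        if not p.is_file() or p.is_symlink():
            continue
        try:
            if sha256_of_file(p) in wanted_set:
                hits.append(p)
        except OSError:
            continue
    return hits


# NAME column of `lsof -nP -iTCP`, e.g. "10.0.0.5:49411->193.37.212.176:8080 (ESTABLISHED)".
# IPv6 addresses are printed in brackets, e.g. "[::1]:49152->[2001:db8::1]:443".
_LSOF_NAME = re.compile(
    r"^(?P<laddr>\[[^\]]+\]|[^\s:]+):(?P<lport>\d+)->"
    r"(?P<raddr>\[[^\]]+\]|[^\s:]+):(?P<rport>\d+)"
    r"(?:\s+\((?P<state>[A-Z_]+)\))?$"
)


def find_c2_connections(lsof_lines: Iterable[str], c2_ips: Iterable[str]) -> List[Dict[str, str]]:
    """Parse `lsof -nP -iTCP` output and return connections whose remote address is a known C2.

    Columns are COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME; the NAME
    column may contain spaces (the state suffix), so split on at most 8 gaps.
    Listening sockets have no "->" and are ignored.
    """
    c2 = set(c2_ips)
    hits: List[Dict[str, str]] = []
    for line in lsof_lines:
        cols = line.split(None, 8)
        if len(cols) < 9 or cols[0] == "COMMAND":
            continue
        m = _LSOF_NAME.match(cols[8])
        if m and m.group("raddr") in c2:
            hits.append({
                "command": cols[0],
                "pid": cols[1],
                "user": cols[2],
                "remote": f"{m.group('raddr')}:{m.group('rport')}",
                "state": m.group("state") or "",
            })
    return hits


if __name__ == "__main__":
    # On a real host: feed `lsof -nP -iTCP` output and a directory such as /Applications.
    for hit in find_c2_connections(SAMPLE_LSOF.splitlines(), [GMERA_C2_IP]):
        print(f"C2 connection: {hit['command']} (pid {hit['pid']}, {hit['user']}) -> {hit['remote']} {hit['state']}")
    for p in find_hash_matches(Path("/Applications"), [GMERA_SHA256]):
        print(f"hash match: {p}")
```

The caveat is the one the post goes on to make: the hash catches only this exact binary, and a recompiled or repacked variant of the same backdoor will not match, while the address check only fires while the connection is live. A behavioral detection keyed on what the process does (a trading app spawning a shell and opening a reverse connection) survives both changes, which is why the hash and IP belong in triage and retrospective hunting rather than as the primary control.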