lazarusholic

Fragments of Cross-Platform Backdoor Hint at Larger Mac OS Attack

2023-06-16, Bitdefender
https://www.bitdefender.com/blog/labs/fragments-of-cross-platform-backdoor-hint-at-larger-mac-os-attack/
#JokerSpy

During routine detection maintenance, our Mac researchers stumbled upon a small set of files with backdoor capabilities that seem to form part of a more complex malware toolkit. The following analysis is incomplete, as we are trying to identify the puzzle pieces that are still missing.

As of now, these samples are still largely undetected and very little information is available about any of them. The earliest mentions we could find are an anonymous April 18 upload on VirusTotal (IoC A) and the three samples (B through D) that appear to have been uploaded by the victim we worked with in the investigation.

IoC A is very similar to IoC B and shares the same feature set. The only difference is the order of two imported Python libraries.

Two of the three isolated samples are generic backdoors written in Python that seem to target Mac OS, Windows and Linux-based operating systems.

To …