lazarusholic


Return of the mac(OS): Transparency, Consent, and Control (TCC) Database Manipulation

2024-04-11, InterpresSecurity
https://interpressecurity.com/resources/return-of-the-macos-tcc/
#APT37 #CloudMensis #macOS #JokerSpy

Contents

Return of the mac(OS): Transparency, Consent, and Control (TCC) Database Manipulation
As the macOS desktop user base continues to grow year by year, adversaries are adapting their strategies to become more cross-platform. Gone are the days when macOS was considered immune to malware. This report delves into the evolving landscape of cyber threats, focusing on adversarial techniques aimed at manipulating the Transparency, Consent, and Control (TCC) framework database.
Report
April 11, 2024
WRITTEN BY: MARINA LIANG
Table of Contents
Historical Bypasses and Limitations of TCC
Problems with Full Disk Access (FDA)
Casting A Wide Net: Keyloggers, Adware, Trojans, Oh My!
Recommendations for Blue Teamers
Summary
Discover insights into prominent malware campaigns and their connections to Democratic People's Republic of Korea (DPRK) adversary behaviors, and gain practical guidance on threat hunting queries. This report will equip defenders with essential recommendations to safeguard against TCC.db abuse and stay ahead in the ever-changing cybersecurity landscape.
Preface
Historically, Windows has had a stronghold on the desktop market, and …

IoC

317ce26cae14dc9a5e4d4667f00fee771b4543e91c944580bbb136e7fe339427
37085f9c52e1dbe3edd3d33167eb921fd6177fe5c1600944b1eccd8ef2604245
452c832a17436f61ad5f32ee1c97db05575160105ed1dcd0d3c6db9fb5a9aea1
6d3eff4e029db9d7b8dc076cfed5e2315fd54cb1ff9c6533954569f9e2397d4c
b8a61adccefb13b7058e47edcd10a127c483403cf38f7ece126954e95e86f2bd
b8cd150c5e4f6d6fff6e2dd43b8e955ff7d5caf4623715794f775d5589b62c83