Anti-virus company ESET has announced the discovery of a new version of malware from the OceanLotus cybercrime group: a backdoor for the macOS platform.
The backdoor file is encrypted and packed with the UPX packer, which makes it harder for a number of information security products to detect. However, many macOS users do without security products at all, so protecting the backdoor from detection is of secondary importance to its authors.
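A quick triage check for the packing mentioned above, added here as an example and not taken from ESET's analysis: it verifies that a file carries a Mach-O (or fat) header and then looks for the "UPX!" marker that stock UPX builds write into packed files. The sample bytes are constructed for the demonstration; a modified UPX build can strip the marker, so a miss is not proof the file is unpacked.

```python
import struct

# Mach-O and fat-binary magics, as read little-endian from the first four bytes
# (both byte orders are listed so the check works on any host).
MACHO_MAGICS = {0xFEEDFACE, 0xFEEDFACF, 0xCEFAEDFE, 0xCFFAEDFE,
                0xCAFEBABE, 0xBEBAFECA}
UPX_MARKER = b"UPX!"  # "UPX!" magic written by the stock packer


def is_macho(data: bytes) -> bool:
    """True if the buffer starts with a Mach-O or fat-binary magic."""
    if len(data) < 4:
        return False
    return struct.unpack("<I", data[:4])[0] in MACHO_MAGICS


def upx_marker_offsets(data: bytes) -> list:
    """Offsets of every 'UPX!' marker in the buffer (empty list if none)."""
    offsets, start = [], 0
    while True:
        idx = data.find(UPX_MARKER, start)
        if idx < 0:
            return offsets
        offsets.append(idx)
        start = idx + 1


def triage(data: bytes) -> dict:
    """Summarise whether the buffer looks like a UPX-packed Mach-O binary."""
    offsets = upx_marker_offsets(data)
    return {
        "macho": is_macho(data),
        "upx_marker": bool(offsets),
        "upx_offsets": offsets,
        # Only flag when both conditions hold; a marker in a non-Mach-O
        # file is more likely an unrelated string.
        "suspect_packed_macho": is_macho(data) and bool(offsets),
    }


# Constructed sample: a 64-bit little-endian Mach-O magic, filler, then the
# UPX marker. Not a real binary, just enough to exercise the checks.
SAMPLE_PACKED = b"\xcf\xfa\xed\xfe" + b"\x00" * 28 + UPX_MARKER + b"\x00" * 16
SAMPLE_PLAIN = b"\xcf\xfa\xed\xfe" + b"\x00" * 48

if __name__ == "__main__":
    for name, blob in (("packed", SAMPLE_PACKED), ("plain", SAMPLE_PLAIN)):
        print(name, triage(blob))
```

On a real sample, a positive result means the file should be unpacked (for instance with `upx -d` on a copy) before static analysis, since signatures written for the unpacked code will not match the packed image.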
When launched, the malware checks whether the device belongs to the Mac family (MacBook Pro, MacBook Air). The information the threat sends to its command-and-control (C&C) server includes details about the processor, memory, device serial number, and MAC addresses of the network interfaces.
ESET experts note that the C&C servers used by the backdoor were created relatively recently, on November 22, 2018.
macOS users often ignore antivirus software. At the same time, analysts record a rapid increase in the number of malicious programs for Apple computers: according to the independent German laboratory AV-TEST, in just one year their number increased threefold, from 28.9 thousand to 93.3 thousand.
OceanLotus has been active since at least 2012. The group's campaigns are often aimed at government structures, political parties and commercial organizations in the countries of Southeast Asia.