Cracked macOS Software Laced with New Trojan Proxy Malware

Kaspersky recently uncovered the most recent Trojan Proxy malware campaign, revealing that the earliest submission of the payload on VirusTotal can be traced back to April 28, 2023.
According to the latest research from cybersecurity researchers at Kaspersky, threat actors are deploying a novel Trojan Proxy malware in cracked applications, distributed via unauthorized websites.
Further probing revealed that the malware is disguised within popular copyrighted macOS software available on warez sites.
For your information, Warez sites are websites that offer copyrighted digital content, such as software, movies, music, ebooks, and games, for free or at a significantly lower price than the original product.
The malware allows attackers to build a proxy server network to commit crimes or make profits.
When installed, this malware converts computers into anonymous traffic-forwarding terminals, allowing malware operators to perform malicious activities, such as phishing, hacking, or conducting illegal transactions.
Infected applications appear as legitimate cracked software, distributed as.
A post-installation script replaces two system files with malicious versions from the app resources and grants them administration permissions.
A fake Google configuration file automatically starts the WindowServer malware file as a system process.
This binary file was uploaded on VirusTotal on April 28 but wasn't recognized as malware then.
The malware utilizes DNS-over-HTTPS to get the C2 server IP address and connects via WebSockets, receiving commands for the various malicious activities the Trojan can perform and sending information.
During their research, investigators didn't receive a server response beyond the 0x38 command and noted that the client supported TCP and UDP connections.
Earlier versions relied on traditional DNS requests instead of DoH for C&C server acquisition.
It is worth noting that selling access to these proxies is a highly profitable business, encompassing massive botnets.
Kaspersky researchers noted that Mac devices aren't immune to this deep-rooted threat, which is why this campaign works.
Attackers are exploiting the popularity of cracked versions of copyrighted software, specifically commercial software/programs, as users prefer to avoid paying for premium software.
Around 35 instances of popular image editing, data recovery, video compression and editing, and network scanning tools-related apps laced with Trojan Proxy were identified by Kaspersky.
Beyond macOS, researchers have identified Android and Windows versions connecting to the same C&C server.
This means a larger distribution network for cracked software laced with Trojan Proxy malware could be at work.
Menlo Security's chief security architect, Lionel Litty, shared with Hackread.com that using DoH and WebSocket indicates that threat actors are focusing more on evading network-based detection mechanisms.


This Cyber News was published on www.hackread.com. Publication date: Fri, 08 Dec 2023 13:43:04 +0000


Cyber News related to Cracked macOS Software Laced with New Trojan Proxy Malware

Cracked macOS Software Laced with New Trojan Proxy Malware - Kaspersky recently uncovered the most recent Trojan Proxy malware campaign, revealing that the earliest submission of the payload on VirusTotal can be traced back to April 28, 2023. According to the latest research from cybersecurity researchers at ...
1 year ago Hackread.com
Tax Season Alert: Common scams and cracked software - OpenText is committed to providing you with the latest intelligence and tips to safeguard your digital life, especially during high-risk periods like tax season. Our threat analysts are constantly monitor the ebb and flow of various threats. One ...
10 months ago Webroot.com
Trojan Malware Hidden in Cracked macOS Software, Kaspersky Says - Newly discovered cracked applications being distributed by unauthorized websites are delivering Trojan-Proxy malware to macOS users who are looking for free or cheap versions of the software tools they want. The malware can be used by bad actors for ...
1 year ago Securityboulevard.com
New proxy malware targets Mac users through pirated software - Cybercriminals are targeting Mac users with a new proxy trojan malware bundled with popular, copyrighted macOS software being offered on warez sites. Proxy trojan malware infects computers, turning them into traffic-forwarding terminals used to ...
1 year ago Bleepingcomputer.com
Pirated Software Puts Mac Users at Risk as Proxy Malware Emerges - Malware is being targeted at Mac users who receive pirated versions of popular apps from warez websites after they choose to download them from those websites. Various reports state that cybercriminals are infecting macOS devices with proxy trojans ...
1 year ago Cysecurity.news
PixPirate: The Brazilian financial malware you can't see, part one - The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan malware that heavily utilizes anti-research techniques. Within IBM Trusteer, we saw several different ...
10 months ago Securityintelligence.com
Types of Malware and How To Prevent Them - Malware is one of the biggest security threats to any type of technological device, and each type of malware uses unique tactics for successful invasions. Even if you've downloaded a VPN for internet browsing, our in-depth guide discusses the 14 ...
5 months ago Pandasecurity.com
macOS Malware Campaign Showcases Novel Delivery Technique - Security researchers have sounded the alarm on a new cyberattack campaign using cracked copies of popular software products to distribute a backdoor to macOS users. What makes the campaign different from numerous others that have employed a similar ...
10 months ago Darkreading.com
Cracked macOS apps drain wallets using scripts fetched from DNS records - Hackers are using a stealthy method to deliver to macOS users information-stealing malware through DNS records that hide malicious scripts. The campaign appears directed at users of macOS Ventura and later and relies on cracked applications ...
10 months ago Bleepingcomputer.com
How to Remove Malware + Viruses - Malware removal can seem daunting after your device is infected with a virus, but with a careful and rapid response, removing a virus or malware program can be easier than you think. We created a guide that explains exactly how to rid your Mac or PC ...
8 months ago Pandasecurity.com
Analysis of a new macOS Trojan-Proxy - Illegally distributed software historically has served as a way to sneak malware onto victims' devices. They are an excellent target for cybercriminals who realize that an individual looking for a cracked app will be willing to download an installer ...
1 year ago Securelist.com
Android malware and unwanted software statistics for Q1 2024 - Over 389,000 malicious installation packages were detected, of which: 11,729 packages were related to mobile banking Trojans, 1,990 packages were mobile ransomware Trojans. The rapid growth in the total number of attacks between Q2 and Q4 2023 is ...
6 months ago Securelist.com
February 2024's Most Wanted Malware: WordPress Websites Targeted by Fresh FakeUpdates Campaign - Our latest Global Threat Index for February 2024 saw researchers uncover a fresh FakeUpdates campaign compromising WordPress websites. These sites were infected using hacked wp-admin administrator accounts, with the malware adapting its tactics to ...
9 months ago Blog.checkpoint.com
How to Extract Malware Configurations in a Sandbox - The most sought-after source of these indicators is malware configurations. Malware Sandboxing Leader ANY.RUN handles the heavy lifting of phishing and malware analysis for SOC and DFIR teams and also helps 300,000 professionals use the platform to ...
10 months ago Gbhackers.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
7 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
7 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
7 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
7 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
7 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
7 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
7 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
7 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
7 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
7 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
7 months ago Cybersecurity-insiders.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)