The multi-binary malware package demonstrates advanced technical capabilities for data exfiltration and persistence. Upon further analysis, researchers determined that the malware primarily targets WeChat, QQ, web browsers, and email applications.

The malware deploys specialized “Robber” dylibs, including libWXRobber.dylib, libNTQQRobber.dylib, and libQQRobber.dylib, each aimed at a specific application, to steal credentials and communications data. It also leverages Frida scripts to hook into the target application processes, allowing it to intercept communications and extract encryption keys.

OSINT research links the malware to “Xiamen Meiya Yian Information Technology Co,” which is connected to Meiya Pico, an organization previously identified by the U.S. Treasury as developing surveillance technology for the Chinese government. “The software’s targeted applications and observed network connections strongly indicate both a Chinese origin and target user base,” Kandji researchers said.

The malware’s sophisticated capabilities, extensive data collection functions, and version checks for systems below macOS 14.4.1 suggest active development and deployment for targeted surveillance operations. Security experts recommend keeping macOS systems updated to the latest version and monitoring for suspicious processes and network connections to defend against this evolving threat.

Tushar is a cyber security content editor with a passion for creating captivating and informative content. With years of experience in cyber security, he covers cyber security news, technology and other news.
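As an added example (written for this page; it is not Kandji’s code or anything from the report), the following Python script turns the two recommendations above into a quick host check: it compares the installed macOS version against the 14.4.1 threshold the report mentions, scans `lsof` output for the three Robber dylib names from the report plus generic Frida gadget/agent library names, and lists the network sockets of any process that has one of them mapped. The Frida library names, the `lsof -c WeChat -c QQ` invocation, and the embedded sample output (paths, PIDs and addresses) are assumptions constructed for the demo; the sample stands in for a live host when the script runs somewhere other than macOS.

```python
"""Hunt for the indicators in the report on a macOS host (added example, not Kandji's code)."""
import re
import subprocess
import sys

# Library names taken from the report above.
ROBBER_DYLIBS = {"libWXRobber.dylib", "libNTQQRobber.dylib", "libQQRobber.dylib"}
# Assumption: the Frida component is mapped under the standard gadget/agent library names.
FRIDA_LIB = re.compile(r"frida[-_]?(gadget|agent)", re.IGNORECASE)
# The report says the malware checks for systems below this release.
MIN_MACOS = (14, 4, 1)


def parse_version(text):
    """'14.4.1' -> (14, 4, 1); missing components count as 0, so '14.4' compares as 14.4.0."""
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts + (0,) * (3 - len(parts))


def macos_version_below(version_text, floor=MIN_MACOS):
    return parse_version(version_text)[:3] < floor


def parse_lsof(lines):
    """Parse `lsof` output: 9 columns, of which NAME (the last) may contain spaces."""
    records = []
    for line in lines:
        fields = line.split(None, 8)
        if len(fields) < 9 or fields[0] == "COMMAND":
            continue
        records.append({"command": fields[0], "pid": fields[1], "fd": fields[3],
                        "type": fields[4], "name": fields[8]})
    return records


def classify_library(path):
    base = path.rsplit("/", 1)[-1]
    if base in ROBBER_DYLIBS:
        return "Robber dylib named in report"
    if FRIDA_LIB.search(base):
        return "Frida library mapped into process"
    return None


def hunt(lines):
    """One finding per process with a flagged library mapped, plus that process's sockets."""
    records = parse_lsof(lines)
    by_pid = {}
    for r in records:
        # Mapped Mach-O images show up with FD 'txt' and TYPE 'REG'.
        if r["fd"] == "txt" and r["type"] == "REG":
            reason = classify_library(r["name"])
            if reason:
                finding = by_pid.setdefault(r["pid"], {"command": r["command"], "pid": r["pid"],
                                                       "libraries": [], "connections": []})
                finding["libraries"].append((r["name"], reason))
    for r in records:
        if r["pid"] in by_pid and r["type"] in ("IPv4", "IPv6"):
            by_pid[r["pid"]]["connections"].append(r["name"])
    return list(by_pid.values())


# Constructed sample in lsof's column layout; paths, PIDs and addresses are invented for the demo.
SAMPLE_LSOF = """\
COMMAND  PID  USER  FD   TYPE DEVICE SIZE/OFF NODE NAME
WeChat   4242 alice txt  REG  1,13   2048000  1001 /Applications/WeChat.app/Contents/MacOS/WeChat
WeChat   4242 alice txt  REG  1,13   512000   1002 /usr/lib/libSystem.B.dylib
WeChat   4242 alice txt  REG  1,13   98304    1003 /Library/Application Support/.cache/libWXRobber.dylib
WeChat   4242 alice txt  REG  1,13   4096000  1004 /Library/Application Support/.cache/frida-gadget.dylib
WeChat   4242 alice 23u  IPv4 0x1    0t0      TCP  192.0.2.10:52113->203.0.113.7:443 (ESTABLISHED)
QQ       5150 alice txt  REG  1,13   1048576  1101 /Applications/QQ.app/Contents/MacOS/QQ
QQ       5150 alice 31u  IPv4 0x2    0t0      TCP  192.0.2.10:52200->198.51.100.9:443 (ESTABLISHED)
"""


def main():
    if sys.platform == "darwin":
        version = subprocess.run(["sw_vers", "-productVersion"], capture_output=True, text=True).stdout
        lsof = subprocess.run(["lsof", "-c", "WeChat", "-c", "QQ"],
                              capture_output=True, text=True).stdout.splitlines()
    else:  # off macOS, demonstrate on the constructed sample
        version, lsof = "14.4", SAMPLE_LSOF.splitlines()
    if macos_version_below(version):
        print(f"macOS {version.strip()} falls below {'.'.join(map(str, MIN_MACOS))}; update first")
    for f in hunt(lsof):
        print(f"{f['command']} (pid {f['pid']})")
        for path, reason in f["libraries"]:
            print(f"  library  {path}  [{reason}]")
        for conn in f["connections"]:
            print(f"  socket   {conn}")


if __name__ == "__main__":
    main()
```

Run it as root so `lsof` can see every user’s processes, and extend the `-c` list to the browsers and mail clients the report names as targets. A hit on the library check is the strong signal; the socket listing only gives you the peer to pivot on, since the report does not publish the malware’s network indicators.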
This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 15 Apr 2025 16:35:13 +0000