A sophisticated proxy Trojan targeting macOS has been discovered and is being distributed through pirated versions of genuine business software, including editing tools, data recovery software, and network scanning applications.
The Trojan operates by masquerading as a legitimate program during installation, then subsequently creating a hidden proxy server within the user's system, according to a Kaspersky report this week.
This covert server not only gives threat actors a backdoor on the system but also lets them redirect network traffic through the compromised device.
Sergey Puzan, cybersecurity expert at Kaspersky, explains that the presence of such a proxy Trojan can have consequences of varying severity for victims.
If the proxy is used to route the traffic of other users, perhaps by unscrupulous VPNs, that can significantly load up the user's network, thereby slowing down its operation or using up any set traffic limit.
Other possible scenarios could see malicious actors using victims' computers to increase advertising views; organizing a botnet for the purpose of further DDoS attacks on various sites, organizations, or other users; or conducting illegal activities, such as buying weapons or drugs, or distributing malicious information or other malicious programs.
In the case of illegal activities on the Internet, there are significant direct risks for the user, since any such action will be performed from that user's IP address - and that means on the user's behalf.
Using DoH to Blend In

On the technical front, Kaspersky's report noted that in addition to the macOS version, specimens for Android and Windows were discovered connected to the same command-and-control server.
For all three, the researchers highlighted the use of DNS-over-HTTPS to conceal C2 communications from traffic-monitoring tools.
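Because DoH wraps DNS inside ordinary HTTPS, a defender who can see decrypted proxy logs has to look for the protocol's own markers rather than for port 53. The following is an added example, not code from the Kaspersky report or the article: it flags RFC 8484 DoH requests to resolvers outside a sanctioned allowlist and decodes the queried name from the DNS wire-format message. The JSON log format, the allowlist and the sample lines are all constructed for this example.

```python
import base64
import json
# Constructed allowlist: DoH resolvers the organization sanctions; DoH to any other endpoint is flagged.
SANCTIONED_DOH_RESOLVERS = {"doh.corp-resolver.example"}

def qname_from_dns_message(msg: bytes):
    """First question name of a DNS wire-format message (12-byte RFC 1035 header, then QNAME labels)."""
    if len(msg) < 12 or int.from_bytes(msg[4:6], "big") == 0:  # QDCOUNT lives in bytes 4-5
        return None
    pos, labels = 12, []
    while pos < len(msg) and msg[pos] != 0:
        length = msg[pos]
        if length & 0xC0:  # a compression pointer is not valid in a query name: treat as malformed
            return None
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    return ".".join(labels) or None

def doh_payload(entry: dict) -> bytes:
    """RFC 8484: GET carries the message in ?dns= as unpadded base64url, POST carries it as the body."""
    if entry["method"] == "POST":
        return base64.b64decode(entry.get("body_b64", ""))
    value = entry["path"].partition("dns=")[2].split("&", 1)[0]
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))

def is_doh_request(entry: dict) -> bool:
    """RFC 8484 markers: the application/dns-message media type or the conventional /dns-query path."""
    media = {entry.get("content_type", ""), entry.get("accept", "")}
    return "application/dns-message" in media or entry["path"].startswith("/dns-query")

def flag_unsanctioned_doh(log_lines):
    """One finding per DoH request to a resolver outside the allowlist, with the queried name when decodable."""
    findings = []
    for line in log_lines:
        entry = json.loads(line)
        if not is_doh_request(entry) or entry["host"] in SANCTIONED_DOH_RESOLVERS:
            continue
        findings.append({"src": entry["src"], "resolver": entry["host"],
                         "qname": qname_from_dns_message(doh_payload(entry))})
    return findings

# Constructed sample: a DNS A query for example.com (ID 0xabcd, RD set, QDCOUNT 1) inside three JSON
# lines as an HTTPS-inspecting proxy might log them. Only the second line should be flagged.
SAMPLE_QUERY = b"\xab\xcd\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x07example\x03com\x00\x00\x01\x00\x01"
SAMPLE_LOG = [
    json.dumps({"src": "10.0.0.7", "method": "POST", "host": "doh.corp-resolver.example", "path": "/dns-query",
                "content_type": "application/dns-message", "body_b64": base64.b64encode(SAMPLE_QUERY).decode()}),
    json.dumps({"src": "10.0.0.23", "method": "GET", "host": "resolver.unknown.example", "accept": "application/dns-message",
                "path": "/dns-query?dns=" + base64.urlsafe_b64encode(SAMPLE_QUERY).rstrip(b"=").decode()}),
    json.dumps({"src": "10.0.0.23", "method": "GET", "host": "www.example.org", "path": "/index.html", "accept": "text/html"}),
]
```

Running `flag_unsanctioned_doh(SAMPLE_LOG)` returns a single finding for 10.0.0.23 querying example.com via resolver.unknown.example; in practice the allowlist would hold the resolvers your endpoints are configured to use, and any other DoH endpoint is worth a closer look.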
The proxy is also spread via cracked applications from unauthorized websites, targeting users seeking free software tools and exposing them to potential malware installations - so a simple way to avoid infection is to avoid downloading pirated software.
Mac Users: Constant Targets for Botnets

Ken Dunham, director of cyber threat at Qualys, notes that Mac users might have a misperception that they're not in the sights of cybercriminals, but the opposite is true.
Apple fans have long been targeted by botnet actors, due to the Mac layer for users and BSD codebase layer underneath, which can be silently abused by malicious users that compromise an endpoint.
Specific data points bear this out: In October, Accenture published a report revealing a tenfold rise in Dark Web threat actors targeting macOS since 2019 - with the trend likely to continue.
This Cyber News was published on www.darkreading.com. Publication date: Thu, 07 Dec 2023 19:30:21 +0000