• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Mac

XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

  • Posted on:August 13, 2020 at 7:18 am
  • Posted in:Mac, Malware
  • Author:
    Trend Micro
0

We have discovered an unusual infection related to Xcode developer projects. Upon further investigation, we discovered that a developer’s Xcode project at large contained the source malware, which leads to a rabbit hole of malicious payloads. Most notable in our investigation is the discovery of two zero-day exploits: one is used to bypass the System Integrity Protection(SIP) read feature on macOS, another is used to abuse the development version of Safari.

Read More
Tags: developerXcodeXCSSet

Updates on ThiefQuest, the Quickly-Evolving macOS Malware

  • Posted on:July 17, 2020 at 5:00 am
  • Posted in:Mac, Malware
  • Author:
    Trend Micro
0

This entry is about ThiefQuest, the newly discovered malware targeting macOS. We discuss the differences between the old and new versions of the malware. Related findings include new functions as well as unusual observations in VirusTotal

Read More
Tags: macOSMalwareransomwareThiefQuest

New MacOS Dacls RAT Backdoor Shows Lazarus’ Multi-Platform Attack Capability

  • Posted on:May 11, 2020 at 5:01 am
  • Posted in:Mac
  • Author:
    Trend Micro
0

We found an application sample in April called TinkaOTP, and our investigation showed the application bearing a striking resemblance to Dacls remote access trojan (RAT), a Windows and Linux backdoor discovered in December 2019.

Read More
Tags: backdoorLazarusRAT

Mac Malware that Spoofs Trading App Steals User Information, Uploads it to Website

  • Posted on:September 20, 2019 at 4:51 am
  • Posted in:Mac, Malware
  • Author:
    Trend Micro
0

We recently found and analyzed a malicious malware variant that disguised itself as a legitimate Mac-based trading app called Stockfolio. We found two variants of the malware family. The first one contains a pair of shell scripts and connects to a remote site to decrypt its encrypted codes while the second sample, despite using a simpler routine involving a single shell script, is actually incorporates a persistence mechanism.

Read More
Tags: appMacTrojan

CVE-2019-8635: Double Free Vulnerability in Apple macOS Lets Attackers Escalate System Privileges and Execute Arbitrary Code

  • Posted on:June 21, 2019 at 5:00 am
  • Posted in:Mac, Vulnerabilities
  • Author:
    Trend Micro
0

We discovered a double free vulnerability (assigned as CVE-2019-8635) in macOS. The vulnerability is caused by a memory corruption flaw in the AMD component. If successfully exploited, an attacker can implement privilege escalation and execute malicious code on the system with root privileges.

Read More
Tags: AMDCVE-2019-8635double free vulnerabilityOS X
Page 1 of 512 › »

Security Predictions for 2020

  • Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.
    Read our security predictions for 2020.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

Sorry. No data so far.

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.