The trend for malware under macOS continues

The trend of malware for macOS continues: this time it is a new proxy Trojan. It is distributed along with cracked paid software; the researchers counted 35 programs, including video and photo editors, data recovery software and other applications popular among fans of freebies. The installers come as PKG files with malicious scripts inside.

The malware disguises itself as a legitimate WindowServer system process. When launched, the Trojan connects to its C2 server via DNS-over-HTTPS and creates TCP/UDP connections for proxy requests. The first versions of the malware appeared in April of this year. Other platforms were not spared either: Trojans for Android and Windows work through the same C2 servers and are also distributed with cracked software.
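
A defender-side check for the process-name masquerading described above, added here as an example (it is not code from the researchers' report): it parses a process listing and flags anything named WindowServer that does not run from a system path. The trusted prefix `/System/Library/`, the `ps -axo pid=,user=,comm=` column layout and every sample line are assumptions constructed for illustration.

```python
"""Flag processes that borrow the WindowServer name but run from a non-system path."""
import posixpath

# Assumption: the genuine WindowServer binary lives under the SIP-protected
# /System/Library/ tree; adjust for the macOS versions you manage.
TRUSTED_PREFIX = "/System/Library/"
WATCHED_NAME = "windowserver"  # compared case-insensitively (APFS default)

# Constructed sample of `ps -axo pid=,user=,comm=` output, not real telemetry.
SAMPLE_PS = """\
  155 _windowserver /System/Library/PrivateFrameworks/SkyLight.framework/Versions/A/Resources/WindowServer
  612 root /Users/alice/Library/Application Support/demo/WindowServer
  733 alice /Applications/Safari.app/Contents/MacOS/Safari
  801 alice /Users/alice/Library/Caches/windowserver
  802 alice /System/Library/../../tmp/WindowServer
"""


def find_masquerades(ps_output):
    """Return (pid, user, normalized_path) for suspicious WindowServer look-alikes."""
    findings = []
    for line in ps_output.splitlines():
        # Split into three fields only, so paths containing spaces stay intact.
        parts = line.split(None, 2)
        if len(parts) != 3 or not parts[0].isdigit():
            continue
        pid, user, path = parts
        # Collapse "../" segments so a crafted path cannot fake the trusted prefix.
        norm = posixpath.normpath(path.strip())
        if posixpath.basename(norm).lower() != WATCHED_NAME:
            continue
        if not norm.startswith(TRUSTED_PREFIX):
            findings.append((int(pid), user, norm))
    return findings


if __name__ == "__main__":
    for pid, user, path in find_masquerades(SAMPLE_PS):
        print(f"suspicious WindowServer look-alike: pid={pid} user={user} path={path}")
```

A hit is a lead for triage, not a verdict: confirm it by checking the binary's code signature and how it is launched.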