Malware News Proxy Trojan Targets macOS Users for Traffic Redirection

silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,178
Content source
https://www.darkreading.com/vulnerabilities-threats/proxy-trojan-targets-macos-users-traffic-redirection
A sophisticated proxy Trojan targeting macOS has been discovered and is being distributed through pirated versions of genuine business software, including editing tools, data recovery software, and network scanning applications.

The Trojan operates by masquerading as a legitimate program during installation, then subsequently creating a hidden proxy server within the user's system, according to a Kaspersky report this week. This covert server enables threat actors to maintain a backdoor on the system but also redirect network traffic through the compromised device.
Click to expand...
On the technical front, Kaspersky's report noted that in addition to the macOS version, specimens for Android and Windows were discovered connected to the same command-and-control (C2) server. For all three, the researchers highlighted the use of DNS-over-HTTPS (DoH) to conceal C2 communications from traffic-monitoring tools.

Specifically, DoH can allow it to bypass primitive security solutions based only on the analysis of DNS requests, since the request will look like a regular HTTPS request to a server that implements DoH.
Click to expand...
 
  • Like
  • +Reputation
  • Thanks
Reactions: ZeroDay, simmerskool, vtqhtr413 and 2 others
simmerskool

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,094
I have 2 macOS running, one is my secondary system, the other is my wife's. How is proxy trojan detected, or is it detectable? What AV if any detects it? In past, Apple techs said or recommended no AV or only malwarebytes.
 

Similar threads

CyberTech
    • Like
Malware News New proxy malware targets Mac users through pirated software
Replies
0
Views
1,047
Security News
CyberTech
CyberTech
Gandalf_The_Grey
    • Wow
    • Like
    • +Reputation
Security News ExpressVPN bug has been leaking some DNS requests for years
Replies
0
Views
879
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
Malware News New macOS 'KandyKorn' malware targets cryptocurrency engineers
Replies
1
Views
1,493
Security News
CyberTech
CyberTech

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top