silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 11,043
A sophisticated proxy Trojan targeting macOS has been discovered and is being distributed through pirated versions of genuine business software, including editing tools, data recovery software, and network scanning applications.
The Trojan operates by masquerading as a legitimate program during installation, then subsequently creating a hidden proxy server within the user's system, according to a Kaspersky report this week. This covert server enables threat actors to maintain a backdoor on the system but also redirect network traffic through the compromised device.
On the technical front, Kaspersky's report noted that in addition to the macOS version, specimens for Android and Windows were discovered connected to the same command-and-control (C2) server. For all three, the researchers highlighted the use of DNS-over-HTTPS (DoH) to conceal C2 communications from traffic-monitoring tools.
Specifically, DoH can allow it to bypass primitive security solutions based only on the analysis of DNS requests, since the request will look like a regular HTTPS request to a server that implements DoH.