Thursday, January 27, 2022

Two pieces of sophisticated OS X malware discovered

SophosLabs discovered a fascinating piece of malware a few days ago: a data-stealing Trojan aimed at Mac users. It spread via "undelivered courier item" emails whose link led to a dodgy server that checked whether you were running Windows or OS X and served each platform accordingly.

The scam works by sending you a fake email claiming that your courier company is having trouble delivering your item; the targeted user then clicks the link, which points to an unidentified server.

The link in the picture doesn't lead where it claims to, of course, but rather to a website managed by the attackers. If you're on a mobile device, the server delivers an error message.

If you use a desktop browser that isn't Safari, you receive a ZIP file containing a Windows program detected by Sophos Anti-Virus as Mal/VBCheMan-C, a distant relative of the Zbot (Zeus) malware.
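The behaviour described above, a server that hands out different content depending on the visitor's platform and browser, is something an analyst can check for directly by requesting the same URL with several User-Agent strings and comparing what comes back. The script below is an added example and is not code from Sophos or from the ZeroSecurity post; the User-Agent strings, the probe URL and the fake server it runs against are constructed for the demonstration, and the fake server models only what the post states (mobile clients get an error page, non-Safari desktop browsers get a ZIP; what other clients get is an assumption).

```python
# Added example: probe a suspicious URL with several User-Agent strings and
# report whether the server answers differently per client platform.
# Not from the Sophos analysis or the ZeroSecurity post.
import hashlib
import io
import zipfile
from dataclasses import dataclass
from typing import Callable, Dict
from urllib.error import HTTPError
from urllib.request import Request, urlopen


@dataclass
class Response:
    status: int
    content_type: str
    body: bytes


# Constructed User-Agent strings; any representative ones would do.
PROFILES: Dict[str, str] = {
    "windows-ie": "Mozilla/5.0 (Windows NT 6.1; Trident/5.0)",
    "mac-safari": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/534.52.7 Version/5.1.2 Safari/534.52.7",
    "mac-firefox": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:9.0) Gecko/20100101 Firefox/9.0",
    "iphone": "Mozilla/5.0 (iPhone; CPU iPhone OS 5_0 like Mac OS X) AppleWebKit/534.46 Mobile/9A334 Safari/7534.48.3",
}

Fetcher = Callable[[str, str], Response]


def urllib_fetch(url: str, user_agent: str, timeout: float = 10.0) -> Response:
    """Real fetcher, meant for an isolated analysis machine that only records
    what the server returns and never opens it."""
    req = Request(url, headers={"User-Agent": user_agent})
    try:
        with urlopen(req, timeout=timeout) as resp:
            return Response(resp.status, resp.headers.get("Content-Type", ""), resp.read())
    except HTTPError as err:  # keep error pages too; they are part of the fingerprint
        return Response(err.code, err.headers.get("Content-Type", ""), err.read())


def summarize(resp: Response) -> dict:
    """Reduce a response to the fields worth comparing across profiles."""
    return {
        "status": resp.status,
        "content_type": resp.content_type,
        "digest": hashlib.sha256(resp.body).hexdigest()[:16],
        "is_zip": resp.body.startswith(b"PK\x03\x04"),  # ZIP local file header magic
    }


def probe(url: str, fetch: Fetcher, profiles: Dict[str, str] = PROFILES) -> Dict[str, dict]:
    """Fetch the URL once per profile and return a summary keyed by profile name."""
    return {name: summarize(fetch(url, ua)) for name, ua in profiles.items()}


def is_cloaking(results: Dict[str, dict]) -> bool:
    """True when at least two client profiles received a different status or body."""
    return len({(r["status"], r["digest"]) for r in results.values()}) > 1


def platforms_served_zip(results: Dict[str, dict]) -> list:
    """Names of the profiles that were handed a ZIP archive."""
    return sorted(name for name, r in results.items() if r["is_zip"])


def _dummy_zip() -> bytes:
    """Constructed, harmless archive standing in for the real download."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("placeholder.bin", b"not a real program")
    return buf.getvalue()


_ZIP = _dummy_zip()


def fake_fetch(url: str, user_agent: str) -> Response:
    """Constructed stand-in for the server described in the post."""
    if "Mobile" in user_agent or "iPhone" in user_agent:
        return Response(200, "text/html", b"<html>error</html>")
    is_safari = "Safari" in user_agent and "Firefox" not in user_agent and "Chrome" not in user_agent
    if not is_safari:
        return Response(200, "application/zip", _ZIP)
    # Assumption: the post does not say what Safari users receive.
    return Response(200, "text/html", b"<html>placeholder page</html>")


if __name__ == "__main__":
    results = probe("http://example.invalid/track", fake_fetch)  # constructed URL
    for name, summary in results.items():
        print(name, summary)
    print("cloaking:", is_cloaking(results), "zip served to:", platforms_served_zip(results))
```

Swap `fake_fetch` for `urllib_fetch` to run the probe against a live URL from a sandboxed host; the useful signal is not any one response but the disagreement between profiles, which is why `is_cloaking` compares digests rather than looking for a particular payload.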

You can view the full analysis on the Sophos site here.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.
