MacOS Targeted in WildPressure APT Malware Campaign
#1
Information 
Quote: Threat actors known as WildPressure have added a macOS malware variant to their latest campaign targeting energy sector businesses, while enlisting compromised WordPress websites to carry out attacks.
 
Novel malware, initially identified in March 2020 and dubbed Milum, has now been retooled with a PyInstaller bundle containing a trojan dropper compatible with Windows and macOS systems, according to researchers. Compromised endpoints allow the advanced persistent threat (APT) group to download and upload files and execute commands.
 
On Wednesday, Kaspersky published its latest findings tied to the APT and malware, which it first discovered and reported on in March 2020. At that time, researchers noted WildPressure targeted Middle East organizations with a C++ version of a trojan it called Milum.
 
The latest sample of Milum reveals the addition of a self-decrypting VBScript Tandis trojan, a macOS-compatible PyInstaller and a multi-OS Guard trojan, according to Denis Legezo, senior security researcher at Kaspersky, in a Wednesday post.
 
A PyInstaller bundles a macOS-compatible Python application “and all its dependencies into a single package,” according to a technical description.
“This PyInstaller Windows executable was detected in our telemetry on September 1, 2020, showing version 2.2.1. It contains an archive with all the necessary libraries and a Python Trojan that works both on Windows and macOS. The original name of the script inside this PyInstaller bundle is ‘Guard’,” Legezo wrote.

According to Kaspersky, which sinkholed new WildPressure command-and-control (C2) domains in spring 2021, the threat actor used both virtual private servers (VPS) and compromised servers in their infrastructure, most of which were WordPress websites.

Read more: MacOS Targeted in WildPressure APT Malware Campaign | Threatpost