Mac users are being targeted again with dangerous malware - here's what to know
Hackers are expanding a proxy botnet to hit macOS users
Hackers are tricking macOS users into becoming a part of a proxy botnet by offering them pirated commercial software, researchers have revealed
A new Kaspersky report has uncovered dozens of premium programs being offered for free online - but bundled with the installation files are proxy trojan installers malware.
In total, Kaspersky uncovered 35 programs, including image editing software, video compression and editing programs, data recovery and network scanning tools, and more, all being offered in PKG format instead of the standard disc image format.
Elevated privileges
The most popular software, the researchers added, include:
- 4K Video Donwloader Pro
- Aissessoft Mac Data Recovery
- Aiseesoft Mac Video Converter Ultimate
- AnyMP4 Android Data Recovery for Mac
- Downie 4
- FonePaw Data Recovery
- Sketch
- Wondershare UniConverter 13
- SQLPro Studio
- Artstudio Pro
The PKG format allows all bundled scripts to execute with the same, elevated permissions. This means that the trojan is granted permission to modify files, autorun apps, and execute commands.
Proxy trojans work by assimilating compromised endpoints into a network. The bandwidth these endpoints have is then offered on the dark web to other hackers, who use it to stay anonymous while performing different illegal tasks online, such as hacking, phishing, and illicit goods transactions.
While this particular campaign seems to be targeting macOS users, Kaspersky’s researchers have reason to believe that this threat actor targets other operating systems as well, just with a different installer.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Less than a month ago, cybersecurity researchers at BitSight discovered a major proxy botnet encompassing more than 10,000 infected devices. The proxy botnet is called Socks5Systemz, and its operators used two separate loaders, PrivateLoader and Amadey, to infect the endpoints.
The loaders were usually distributed via phishing, different exploit kits, malicious ads, fake programs, cracks, keygens, and similar. Operators can then sell access to these devices to subscribers, who pay anywhere between $1 and $140 to access them and reroute their traffic.
Via BleepingComputer
More from TechRadar Pro
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.