2024 macOS Malware Review | Infostealers, Backdoors, and APT Campaigns Targeting the Enterprise
2025-01-20 • SentinelOne
SentinelOne's macOS malware review highlights DPRK-linked activity against job seekers and cryptocurrency targets during 2024. The BeaverTail section describes North Korean operators impersonating recruiters on LinkedIn, X, and Freelancer, then pushing trojanized MiroTalk or FreeConference applications that steal browser credentials, target cryptocurrency wallet extensions, and can deploy InvisibleFerret for keylogging, file theft, and remote-control tooling. The ToDoSwift and Hidden Risk sections describe BlueNoroff-attributed crypto lures, including signed macOS applications that display decoy Bitcoin or crypto news PDFs while downloading second-stage backdoors from actor-controlled domains such as buy2x[.]com and matuaner[.]com. The report ties these cases to broader Contagious Interview, Operation In(ter)ception, and Operation Dream Job tradecraft.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| IPv4 | 95.164.17.24 | 2024-07-15 | 2026-04-01 |
| HASH | 7b13250ac5d8cb908bf694dba6e7d92… | 2025-01-20 | 2025-01-20 |
| HASH | 367362b4ab6384833752b6936c296f3… | 2025-01-20 | 2025-01-20 |
| HASH | 0ffc73ea4fd20cc8d293eae67d0a2c5… | 2025-01-20 | 2025-01-20 |
| HASH | 6c19a41d033ccc39bd42bc2f2e830e1… | 2025-01-20 | 2025-01-20 |
| HASH | 0f7c492ad72741d70396b43d394796a… | 2025-01-20 | 2025-01-20 |
| HASH | 6ab4179d673082ef03d8b200a2a70c2… | 2025-01-20 | 2025-01-20 |
| HASH | 73a3a34d64f199a2f94545e1827d43e… | 2025-01-20 | 2025-01-20 |
| HASH | 85ce988064d5ac2a927f2ee46e5243e… | 2025-01-20 | 2025-01-20 |
| HASH | 2fee1f933acafd92ffb2152058786e5… | 2025-01-20 | 2025-01-20 |
| HASH | 4d23cbaf34463167a3c51f04e2f20a6… | 2025-01-20 | 2025-01-20 |
| HASH | 3efff55f643010647ac72a6761da38d… | 2025-01-20 | 2025-01-20 |
| HASH | 5876eb2770505a6a20801a0df533edd… | 2025-01-20 | 2025-01-20 |
| HASH | 3b4366d5a1d7a59fa6600ace9f66676… | 2025-01-20 | 2025-01-20 |
| HASH | 8abe82f6a083288baafac75227ca9ef… | 2025-01-20 | 2025-01-20 |
| HASH | aa4556b843d250a54d06bc3b2cc36a5… | 2025-01-20 | 2025-01-20 |
| HASH | ce912458662aa0f5859c679be137fd5… | 2025-01-20 | 2025-01-20 |
| HASH | cd70d69ed034eca924227a893912373… | 2025-01-20 | 2025-01-20 |
| HASH | c9611cba90349e78b6051c299dc8d01… | 2025-01-20 | 2025-01-20 |
| HASH | 23f3b070aad47f72ddf2d148f455cce… | 2025-01-20 | 2025-01-20 |
| HASH | 65f47b3297e39e85a4c163184b12439… | 2025-01-20 | 2025-01-20 |
| HASH | cb8f4ad08b9715a16158f5897ad51ef… | 2025-01-20 | 2025-01-20 |
| HASH | dacb501872f6bc1741631ca1f7cd559… | 2025-01-20 | 2025-01-20 |
| HASH | 2e8cadad5ab90651ae36fb09fb386ff… | 2025-01-20 | 2025-01-20 |
| HASH | 40a2ef0be85d4fbaf52fa29aa6cf81a… | 2025-01-20 | 2025-01-20 |
| IPv4 | 43.156.13.232 | 2025-01-20 | 2025-01-20 |
| IPv4 | 103.27.109.217 | 2025-01-20 | 2025-01-20 |
| IPv4 | 45.77.179.89 | 2025-01-01 | 2025-01-20 |
| HASH | 78027c3800ff58321371a28b1e2a6d7… | 2024-11-14 | 2025-01-20 |
| DOMAIN | matuaner.com | 2024-11-07 | 2025-01-20 |
| IPv4 | 45.140.147.208 | 2024-09-04 | 2025-01-20 |
| DOMAIN | buy2x.com | 2024-08-16 | 2025-01-20 |