The Mac Malware of 2024 👾

2025-01-01 Objective-see

https://objective-see.org/blog/blog_0x7D.html


Objective-See's 2024 macOS malware review includes several DPRK-linked specimens, among them BeaverTail, SpectralBlur, and the BlueNoroff "Hidden Risk" campaign. The BeaverTail section describes a fake MiroTalk meeting app distributed from mirotalk[.]net that targets victims lured with fake job interviews or meetings, steals browser and keychain data, and can fetch second-stage payloads such as InvisibleFerret. The review also notes SpectralBlur as a DPRK-attributed backdoor with file-transfer and shell-command features, and Hidden Risk as a BlueNoroff phishing campaign that uses fake cryptocurrency news lures and a persistent backdoor against cryptocurrency targets.

Indicators of Compromise

Type    Value                             First Seen  Last Seen
IPv4    95.164.17.24                      2024-07-15  2026-04-01
DOMAIN  mirotalk.net                      2024-07-15  2025-02-20
IPv4    45.77.179.89                      2025-01-01  2025-01-20
HASH    ce40829673687b48d68defa3176c8ab…  2025-01-01  2025-01-01
HASH    5365597ecc3fc59f09d500c91c06937…  2025-01-01  2025-01-01
HASH    9eb7bda5ffbb1a7549b1e481b1a6ed6…  2025-01-01  2025-01-01
HASH    c265765a15a59191240b253db335546…  2025-01-01  2025-01-01
URL     http://download.ultraedit.info/…  2025-01-01  2025-01-01
URL     https://api.gofile.io/getServer   2025-01-01  2025-01-01
URL     http://download.ultraedit.info/…  2025-01-01  2025-01-01
URL     http://bd.ultraedit.vip/fs.log    2025-01-01  2025-01-01
DOMAIN  macyy.cn                          2025-01-01  2025-01-01
DOMAIN  apple-health.org                  2025-01-01  2025-01-01
DOMAIN  download.ultraedit.info           2025-01-01  2025-01-01
DOMAIN  api.gofile.io                     2025-01-01  2025-01-01
DOMAIN  bd.ultraedit.vip                  2025-01-01  2025-01-01
IPv4    89.208.103.185                    2025-01-01  2025-01-01
IPv4    22.0.0.16                         2025-01-01  2025-01-01
HASH    9abf6b93eafb797a3556bea1fe8a3b7…  2024-07-15  2025-01-01
URL     https://meet.no42.org             2024-07-15  2025-01-01
URL     https://mirotalk.net/app/MiroTa…  2024-07-15  2025-01-01
DOMAIN  meet.no42.org                     2024-07-15  2025-01-01
