The trojanized app, as of September 15, is still active. This blog entry covers the malware's details. This, in turn, downloads and runs other components, including the aforementioned g.py script and a Mach-O file called "GoogleUpdate" that contains a Cobalt Strike beacon payload. Objective-See previously published a blog entry about this malware, which analyzed how the threat actor repacks the iTerm2 app to load the malicious libcrypto.2.dylib.