Proxy Trojan Targets macOS Users for Traffic Redirection

Published: 23/11/2024   Category: security

Apple users who end up with the Trojan on their machines face a number of bad outcomes, including potential criminal liability.



A sophisticated proxy Trojan targeting macOS has been discovered and is being distributed through pirated versions of genuine business software, including editing tools, data recovery software, and network scanning applications.
The Trojan operates by masquerading as a legitimate program during installation, then creating a hidden proxy server within the user's system, according to a Kaspersky report this week. This covert server not only enables threat actors to maintain a backdoor on the system but also lets them redirect network traffic through the compromised device.
Sergey Puzan, cybersecurity expert at Kaspersky, explains that the presence of such a proxy Trojan can have consequences of varying severity for victims. For instance, if the proxy is used to route the traffic of other users, perhaps by unscrupulous VPNs, that can significantly load up the user's network, thereby slowing down its operation or using up any set traffic limit.
Other possible scenarios could see malicious actors using victims' computers to increase advertising views; organizing a botnet for the purpose of further DDoS attacks on various sites, organizations, or other users; or for illegal activities, such as buying weapons or drugs, or distributing malicious information or other malicious programs.
In the case of illegal activities on the Internet, there are significant direct risks for the user, since any such action will be performed from that user's IP address — and that means on the user's behalf.
On the technical front, Kaspersky's report noted that in addition to the macOS version, specimens for Android and Windows were discovered connected to the same command-and-control (C2) server. For all three, the researchers highlighted the use of DNS-over-HTTPS (DoH) to conceal C2 communications from traffic-monitoring tools.
Specifically, DoH lets the Trojan bypass primitive security solutions that rely only on analysis of DNS requests, since each request looks like a regular HTTPS request to a server that implements DoH.
"The main protection strategy for ordinary users, of course, will be to install a security solution, such as an antivirus with network traffic analysis functions," Puzan says. "It is enough to monitor the movement of traffic and changes in the file system."
He adds, "In this case, you can add the IP address of the C2 server to the blacklist; then the Trojan will not be able to connect to the server, and you will immediately detect its presence in the system."
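The two defensive ideas above (a C2 address on a blocklist, and traffic monitoring that is not fooled by DoH looking like ordinary HTTPS) can be checked against flow logs with a small script. The following is an added example, not code from the article or from Kaspersky; the flow records, the C2 address and the field names are constructed, and the DoH wire-format fields are only visible where a TLS-inspecting proxy logs them.

```python
# Added example (not from the article): tag flow records that hit a C2
# blocklist or that carry DNS-over-HTTPS. Records are constructed, Zeek-style
# fields flattened into dicts; field names are an assumption.
from typing import Dict, List

# Constructed placeholder; the article does not publish the real C2 address.
C2_BLOCKLIST = {"198.51.100.23"}  # RFC 5737 documentation range

# Well-known public DoH resolvers. A hit is a triage signal only: browsers
# use these legitimately, so correlate with the process or host baseline.
DOH_HOSTS = {"dns.google", "cloudflare-dns.com", "dns.quad9.net", "doh.opendns.com"}


def classify_flow(flow: Dict[str, str]) -> List[str]:
    """Return the detection tags that apply to one flow record (empty if none)."""
    tags: List[str] = []
    if flow.get("dst_ip") in C2_BLOCKLIST:
        tags.append("c2-blocklist-hit")
    if flow.get("dst_port") == "443":
        if flow.get("sni", "").lower() in DOH_HOSTS:
            tags.append("doh-known-resolver")
        # RFC 8484: DoH requests/responses use the application/dns-message media
        # type and, by convention, the /dns-query path. Catches DoH to resolvers
        # that are NOT on the public list (e.g. an attacker-run one), but only
        # when a TLS-inspecting proxy exposes these fields.
        content_type = flow.get("content_type", "").lower()
        if "dns-message" in content_type or flow.get("uri", "").startswith("/dns-query"):
            tags.append("doh-wire-format")
    return tags


def scan(flows: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Map flow uid -> tags, keeping only flows that raised at least one tag."""
    return {f["uid"]: tags for f in flows if (tags := classify_flow(f))}


# Constructed sample flows (documentation IP ranges throughout).
SAMPLE_FLOWS = [
    {"uid": "C1", "dst_ip": "192.0.2.10", "dst_port": "443", "sni": "example.com"},
    {"uid": "C2", "dst_ip": "198.51.100.23", "dst_port": "443", "sni": ""},
    {"uid": "C3", "dst_ip": "203.0.113.1", "dst_port": "443", "sni": "cloudflare-dns.com",
     "uri": "/dns-query", "content_type": "application/dns-message"},
    {"uid": "C4", "dst_ip": "203.0.113.9", "dst_port": "443", "sni": "cdn.example.net",
     "content_type": "application/dns-message"},
]

if __name__ == "__main__":
    for uid, tags in scan(SAMPLE_FLOWS).items():
        print(uid, ",".join(tags))
```

Flow C4 is the case the article warns about: a DoH exchange with a host that is not a public resolver, which a plain port-53 monitor would never see.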
The proxy Trojan is also spread via cracked applications from unauthorized websites, targeting users seeking free software tools and exposing them to potential malware installations — so a simple way to avoid infection is to avoid downloading pirated software.
Ken Dunham, director of cyber threat at Qualys, notes that Mac users might have a misperception that they’re not in the sights of cybercriminals, but the opposite is true.
For instance, Apple fans have long been targeted by botnet actors, due to the Mac layer for users and the BSD codebase layer underneath, which can be silently abused by malicious users that compromise an endpoint.
"For years, many Mac users felt invulnerable to attack, due to the large volume of attacks seen in the Windows world," Dunham explains. "While the attack surface of Windows is clearly much larger, all operating systems and software attack surfaces are under attack in 2023, where attackers leave no stone unturned."
Specific data points bear this out: In October, Accenture published a report revealing a tenfold rise in Dark Web threat actors targeting macOS since 2019 — with the trend likely to continue.