As a follow up to yesterday’s Kumar in the Mac post… have you received e-mail attachments such as this?
• Content_of_article_for_[NAME REMOVED].app.zip
If so, you may be the target of a spear phishing campaign designed to install a spyware on your Mac.
Here’s a list of binaries signed by Apple Developer “Rajinder Kumar”.
Detected as Trojan-Spy:OSX/HackBack.B:
• 290898b23a85bcd7747589d6f072a844e11eec65 — mentioned in yesterday’s post.
Detected as Backdoor:OSX/KitM.A (includes screenshot feature):
Though the spear phishing payloads are not particularly “sophisticated”, the campaign’s use of German localization and the target’s name (removed in the example above) does indicate the attackers have done some homework.
Leave a reply