
A sneaky macOS backdoor that allows attackers to remotely control infected machines has been hiding in trojanized macOS applications hosted on Chinese websites. The “.fseventsd” binary bears some resemblance to known malware baddies, but adds a new layer of stealth that sets it apart.
Researchers from Jamf Threat Labs discovered the series of poisoned apps hosted on the Chinese site macyy[.]cn. The apps have been modified to communicate with attacker infrastructure, though “it’s highly likely they’re being hosted on other application-pirating websites as well,” Jaron Bradley, director at Jamf Threat, tells Dark Reading.