Sunday, June 7, 04:08

2FA application was infected by a variant of Dacls Trojan


A legitimate 2FA application for macOS devices has been infected by North Korean hackers so that they can gain access and install the Dacls Trojan, which is linked to the Lazarus group.

This Trojan has previously been used to target Windows and Linux systems. The new Dacls executable, created for macOS, borrows many of the functions of its predecessors.

The hackers managed to insert malware into the free application MinaOTP, which is especially popular with Chinese users. A sample of the malicious version, named TinkaOTP, appeared last month on the VirusTotal scanning service.

According to Malwarebytes analysts, it had gone undetected at that time. At present, the malicious file is detected by 23 of the 59 antivirus engines.

The malware runs after the system restarts, because it is added to the property list (plist) files that LaunchDaemons and LaunchAgents use to run applications at startup.
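As an added example (not part of the original article or of the researchers' work), the following Python sketch audits the LaunchDaemons and LaunchAgents plist files mentioned above and reports jobs whose executable deserves review. The directory list, the flagging heuristics and the two sample jobs are assumptions constructed for illustration.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

# launchd persistence directories; WRITABLE prefixes are a heuristic assumed for this example.
LAUNCH_DIRS = ["/Library/LaunchDaemons", "/Library/LaunchAgents", "~/Library/LaunchAgents"]
WRITABLE = ("/Users/", "/tmp/", "/private/tmp/", "/var/tmp/")

def review_job(job):
    """Return the reasons a parsed launchd job deserves a closer look ([] = none)."""
    if not isinstance(job, dict):
        return ["plist root is not a dictionary"]
    args = job.get("ProgramArguments") or []
    target = job.get("Program") or (args[0] if args else None)
    if not isinstance(target, str) or not target:
        return ["no executable specified"]
    reasons = []
    if any(part.startswith(".") for part in Path(target).parts):
        reasons.append("hidden path component: " + target)
    if target.startswith(WRITABLE):
        reasons.append("runs from user-writable location: " + target)
    return reasons

def audit(dirs=LAUNCH_DIRS):
    """Parse every *.plist in dirs and map file path -> reasons for flagged jobs."""
    findings = {}
    for d in dirs:
        for path in sorted(Path(d).expanduser().glob("*.plist")):
            try:
                with open(path, "rb") as fh:  # plistlib reads XML and binary plists
                    reasons = review_job(plistlib.load(fh))
            except (OSError, ValueError, ExpatError) as exc:
                reasons = [f"unreadable plist: {exc}"]
            if reasons:
                findings[str(path)] = reasons
    return findings

def demo():
    """Audit two constructed jobs (sample data, not taken from any real malware)."""
    ok = {"Label": "com.example.updater", "ProgramArguments": ["/usr/local/bin/updater"]}
    odd = {"Label": "com.example.helper", "Program": "/Users/alice/Library/.cache/helper"}
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "com.example.updater.plist").write_bytes(plistlib.dumps(ok))
        Path(tmp, "com.example.helper.plist").write_bytes(plistlib.dumps(odd))
        return audit([tmp])

if __name__ == "__main__":
    for path, reasons in demo().items():
        print(path, "->", "; ".join(reasons))
```

On a Mac, calling `audit()` with no arguments scans the real directories; a flagged entry is a prompt for manual review, not proof of infection.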

Another feature that points to a common origin is the malware's configuration file, which is encrypted with the same AES key that appears in the Dacls RAT for Linux.

The researchers also found that six of the seven plugins in the macOS sample also exist in the Linux variant. However, the new variant differs in its Socks module, which starts a proxy between the malware and the C2 infrastructure.

Researchers at Qihoo 360's Netlab have released more details.

This isn't the first time Lazarus has slipped malware into a legitimate app for macOS systems. In September 2019, security researchers analyzed a commercial application for macOS, which turned out to contain malware for stealing user information, and last December, new macOS malware from Lazarus used the same tactics.

Absent Mia