MacOS Malware Madness: The Go-Based Backdoor That Won’t Quit!
A new macOS malware chain uses staged scripts and a Go-based backdoor to bypass safeguards and harvest credentials. The malware cleverly disguises itself, tricks users with Chrome decoys, and routes stolen passwords to Dropbox. Be wary of unsolicited “interview” assessments and Terminal-based “fix” instructions, warns Jamf Threat Labs.

Hot Take:
Looks like macOS is the latest contestant on malware’s favorite game show: “Can You Hack It?” With staged scripts, credential-harvesting decoys, and a persistent Go-based backdoor, this malware chain has all the makings of a top-tier episode. Who knew malware could be so creative and persistent? Cue the dramatic music!
Key Points:
- New macOS malware chain uses a multi-stage attack with staged scripts and a Go-based backdoor for persistence.
- Malware bypasses user safeguards by disguising its activity and maintaining long-term access.
- Second-stage shell script adapts based on whether the system runs on arm64 or Intel chips.
- Credential theft involves a decoy Chrome-style password window and exfiltrates data via Dropbox.
- Jamf Threat Labs attributes the campaign to FlexibleFerret operators, advising caution with unsolicited system prompts.
