CyberNews Briefs

Lazarus Group Hides macOS Spyware in 2FA Application

Lazarus Group, a cyberthreat group with known links to North Korea, has added a new variant of the Dacls remote-access trojan (RAT) that specifically targets the macOS operating system. The Dacls RAT has been created from an existing Linux version and was first discovered last December, when it targeted Windows and Linux platforms. The new Mac version is now spreading via a trojanized two-factor authentication (2FA) application for macOS called MinaOTP.

MinaOTP is mostly used by Chinese speakers, according to analysis. Dacls offers attackers command execution, traffic proxying, worm scanning, and file management. When the malicious executable is started, it creates a property list file that specifies the application to be executed after reboot; the content of that file is hardcoded within the application.
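A defender can review this kind of persistence by parsing launchd property lists and flagging jobs that start automatically from unusual locations. The following is an added example, not code from the article or the analysis it summarizes; it assumes the property list is a launchd job file, and the path heuristics, the labels and both sample plists are constructed for illustration.

```python
import plistlib
from pathlib import Path

# Standard directories from which launchd loads per-user and system-wide jobs.
LAUNCH_DIRS = ["~/Library/LaunchAgents", "/Library/LaunchAgents", "/Library/LaunchDaemons"]

def audit_launch_plist(data: bytes) -> dict:
    """Parse one launchd plist and report whether its start-up target needs review."""
    job = plistlib.loads(data)
    args = job.get("ProgramArguments") or []
    program = str(job.get("Program") or (args[0] if args else ""))
    reasons = []
    # Heuristics are assumptions of this example, not indicators from the article.
    if any(part.startswith(".") for part in Path(program).parts):
        reasons.append("hidden path component")
    if program.startswith(("/Users/", "/tmp/", "/private/tmp/", "/var/tmp/")):
        reasons.append("user-writable location")
    run_at_load = bool(job.get("RunAtLoad"))
    return {"label": job.get("Label", ""), "program": program,
            "run_at_load": run_at_load, "reasons": reasons,
            "review": run_at_load and bool(reasons)}

def audit_dirs(dirs=LAUNCH_DIRS) -> list:
    """Audit every plist in the given directories; unparseable files are flagged too."""
    findings = []
    for d in dirs:
        base = Path(d).expanduser()
        if not base.is_dir():
            continue
        for path in sorted(base.glob("*.plist")):
            try:
                result = audit_launch_plist(path.read_bytes())
            except Exception as exc:  # malformed or unreadable plist
                result = {"label": "", "program": "", "run_at_load": False,
                          "reasons": [f"unparseable plist: {exc}"], "review": True}
            if result["review"]:
                findings.append((str(path), result))
    return findings

# Constructed samples: a job auto-starting from a hidden home-directory path,
# and an ordinary vendor helper that also runs at load.
SUSPECT = plistlib.dumps({"Label": "com.example.updater", "RunAtLoad": True,
    "ProgramArguments": ["/Users/alice/Library/.example/updater", "daemon"]})
BENIGN = plistlib.dumps({"Label": "com.example.vendor", "RunAtLoad": True,
    "Program": "/Applications/Vendor.app/Contents/MacOS/helper"})

if __name__ == "__main__":
    for blob in (SUSPECT, BENIGN):
        print(audit_launch_plist(blob))
    for path, result in audit_dirs():
        print(path, result)
```

Flagged entries are leads for review rather than verdicts, since legitimate software also installs launchd jobs that run at load.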


OODA Analyst
