Compromised WordPress websites have been enlisted by threat actors in a campaign targeting macOS users. WildPressure is the group of threat actors that have added a macOS malware variant to their campaign targeting energy sector businesses. Compromised WordPress websites are being utilized to carry out attacks.
Novel malware, named Milum, has been retooled with a PyInstaller bundle containing a trojan dropper compatible with Windows and macOS systems. The compromised endpoints will allow the threat group to download and upload files along with execute demands. On Wednesday, researchers noticed WildPressure targeted Middle East organizations with a C++ version of Milum. This sample of Milum includes a self-decrypting VBScript Tandis trojan, a mac-OS compatible PyInstaller and a multi-OS Guard trojan.
Read more: MacOS Targeted in WildPressure APT Malware Campaign