North Korea (Lazarus Group): A new variant of the Dacls RAT (Remote Access Trojan) has been adapted from an existing Linux version to target Mac users. Dacls was first seen back in December targeting Windows and Linux users. According to Malwarebytes, this latest variant spreads through a trojanized version of MinaOTP, a two-factor authentication application for macOS that is mostly used by Chinese-speaking users. Once the application is installed, it creates a property list (plist) file which specifies that the app is to be executed after reboot. The trojanized app also includes a config file disguised to look like a database file related to Apple’s App Store, saved to “Library/Caches/com.applestore.db”. Following installation, the application is named Mina, which supports the pretense that the trojanized application is the legitimate MinaOTP. As with other versions of the Dacls RAT, this variant allows the attackers to execute commands remotely, manage files, proxy traffic, and run scans.
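A triage check for the two artifacts described above, as an added example rather than code from Malwarebytes or Binary Defense. It assumes the autostart plist sits in the per-user Library/LaunchAgents directory, which the write-up does not state, and a match is a lead to investigate, not a verdict.

```python
import plistlib
import sys
from pathlib import Path

# Relative path quoted in the write-up above.
CONFIG_REL = Path("Library/Caches/com.applestore.db")
# Assumption: per-user LaunchAgents is where the autostart plist lands;
# the write-up does not name the plist or its directory.
AGENTS_REL = Path("Library/LaunchAgents")
APP_NAME = "mina"  # installed application name per the write-up


def launch_command(plist_path):
    """Return (argv, run_at_load) for a launchd plist, or None if unreadable."""
    try:
        with open(plist_path, "rb") as fh:
            data = plistlib.load(fh)  # handles XML and binary plists
    except Exception:
        return None
    if not isinstance(data, dict):
        return None
    argv = data.get("ProgramArguments") or [data.get("Program", "")]
    return [str(a) for a in argv], bool(data.get("RunAtLoad"))


def names_mina(argv):
    """True if a path component of the launched program is Mina or Mina.app."""
    parts = Path(argv[0]).parts if argv and argv[0] else ()
    return any(p.lower() in (APP_NAME, APP_NAME + ".app") for p in parts)


def scan_home(home):
    """Collect triage leads under one user's home directory."""
    home = Path(home)
    findings = []
    if (home / CONFIG_REL).is_file():
        findings.append(("config_file", str(home / CONFIG_REL)))
    agents = home / AGENTS_REL
    for plist in sorted(agents.glob("*.plist")) if agents.is_dir() else []:
        cmd = launch_command(plist)
        if cmd and cmd[1] and names_mina(cmd[0]):
            findings.append(("launch_item", str(plist)))
    return findings


if __name__ == "__main__":
    for root in sys.argv[1:] or [str(Path.home())]:
        for kind, path in scan_home(root):
            print(f"{kind}\t{path}")
```

Pass one or more home directories as arguments to check several users; the legitimate MinaOTP bundle name does not match, only a launch item whose program path contains Mina or Mina.app.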