North Korea (Lazarus Group): A new variant of the Dacls RAT (Remote Access Trojan) has been adapted from an existing Linux version to target Mac users. Dacls was first seen back in December targeting Windows and Linux users. According to Malwarebytes, this latest variant spreads through a trojanized version of MinaOTP, a two-factor authentication application for macOS that is mostly used by Chinese-speaking users. Once the application is installed, it creates a property list (plist) file which specifies that the app is to be executed after reboot. The trojanized app also includes a config file disguised to look like a database file related to Apple’s AppStore, saved to “Library/Caches/com.applestore.db”. Following installation, the application is named Mina, which helps it pass as the legitimate MinaOTP. As with other versions of the Dacls RAT, this variant allows the attackers to execute commands remotely, manage files, proxy traffic, and run scans.
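A host-triage sketch for the two artifacts described above, added here as an example and not taken from Malwarebytes or the original brief. It assumes the persistence plist sits in one of the standard launchd directories (the brief does not name it) and treats any plist that references `Mina` as a whole word as a lead to review; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: triage for the artifacts named in the brief.
# Call as: dacls_triage /            (live host)
#      or: dacls_triage /Volumes/img (mounted disk image)

CONFIG_REL="Library/Caches/com.applestore.db"  # config path quoted in the brief
APP_NAME="Mina"                                # installed app name per the brief

# Print launchd plists in directory $1 that reference the app name.
scan_launchd_dir() {
    dir=$1
    [ -d "$dir" ] || return 0
    for plist in "$dir"/*.plist; do
        [ -f "$plist" ] || continue
        # -a: read binary plists as text; -w: match "Mina" but not "MinaOTP"
        if grep -aqw -- "$APP_NAME" "$plist"; then
            echo "PERSISTENCE $plist"
        fi
    done
    return 0
}

# Walk every user home under ROOT, then the system-wide launchd directories.
dacls_triage() {
    root=${1:-/}
    root=${root%/}
    for home in "$root"/Users/*; do
        [ -d "$home" ] || continue
        # Disguised config file dropped by the trojanized app
        if [ -f "$home/$CONFIG_REL" ]; then
            echo "CONFIG $home/$CONFIG_REL"
        fi
        scan_launchd_dir "$home/Library/LaunchAgents"
    done
    # Assumption: the brief does not say which launchd location is used,
    # so the system-wide ones are checked as well.
    scan_launchd_dir "$root/Library/LaunchAgents"
    scan_launchd_dir "$root/Library/LaunchDaemons"
    return 0
}
```

A `CONFIG` hit is the stronger signal, since the file name is specific to this variant; a `PERSISTENCE` hit only shows that some launchd job starts a binary called Mina and needs manual review.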