Subj : Mac users are being targeted again with dangerous malware - here' To : All From : TechnologyDaily Date : Mon Dec 04 2023 18:30:05 Mac users are being targeted again with dangerous malware - here's what to know Date: Mon, 04 Dec 2023 18:18:09 +0000 Description: Hackers are expanding a proxy botnet with more macOS devices, researchers claim. FULL STORY ====================================================================== Hackers are tricking macOS users into becoming a part of a proxy botnet by offering them pirated commercial software, researchers have revealed A new Kaspersky report has uncovered dozens of premium programs being offered for free online - but bundled with the installation files are proxy trojan installers malware . In total, Kaspersky uncovered 35 programs, including image editing software, video compression and editing programs, data recovery and network scanning tools, and more, all being offered in PKG format instead of the standard disc image format. Elevated privileges The most popular software, the researchers added, include: 4K Video Donwloader Pro Aissessoft Mac Data Recovery Aiseesoft Mac Video Converter Ultimate AnyMP4 Android Data Recovery for Mac Downie 4 FonePaw Data Recovery Sketch Wondershare UniConverter 13 SQLPro Studio Artstudio Pro The PKG format allows all bundled scripts to execute with the same, elevated permissions. This means that the trojan is granted permission to modify files, autorun apps, and execute commands. Proxy trojans work by assimilating compromised endpoints into a network. The bandwidth these endpoints have is then offered on the dark web to other hackers, who use it to stay anonymous while performing different illegal tasks online, such as hacking, phishing, and illicit goods transactions. While this particular campaign seems to be targeting macOS users, Kasperskys researchers have reason to believe that this threat actor targets other operating systems as well, just with a different installer. Less than a month ago, cybersecurity researchers at BitSight discovered a major proxy botnet encompassing more than 10,000 infected devices. The proxy botnet is called Socks5Systemz, and its operators used two separate loaders, PrivateLoader and Amadey, to infect the endpoints. The loaders were usually distributed via phishing, different exploit kits, malicious ads, fake programs, cracks, keygens, and similar. Operators can then sell access to these devices to subscribers, who pay anywhere between $1 and $140 to access them and reroute their traffic. Via BleepingComputer More from TechRadar Pro Hacked proxy service has already infected 10,000 systems worldwide with malware Use Windows? You might be part of a malicious proxy network Read our list of the best firewalls right now ====================================================================== Link to news story: https://www.techradar.com/pro/security/mac-users-are-being-targeted-again-with -dangerous-malware-heres-what-to-know --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .