December 7, 2023 at 02:34PM
A new proxy Trojan targeting macOS users via pirated software creates a covert proxy server to enable backdoor access and illicit activities, Kaspersky reports. The Trojan, also found for Android and Windows, uses DNS-over-HTTPS to evade detection. Experts advise using antivirus software and avoiding pirated software to prevent attacks.
Meeting Takeaways:
1. Discovery of a sophisticated proxy Trojan targeting macOS users through pirated business software.
2. The Trojan conceals itself during installation and sets up a hidden proxy on the user’s system.
3. The proxy server enables threat actors to use the infected system for illegal activities, redirect traffic, and potentially partake in botnet activities such as DDoS attacks.
4. Risks to users include network slowdowns, increased traffic usage, and the potential for their IP addresses to be associated with illegal activities carried out by the Trojan.
5. Kaspersky identifies the use of DNS-over-HTTPS (DoH) by the Trojan to evade basic security solutions by disguising C2 communications.
6. Protection strategies include using antivirus solutions with network traffic analysis and blacklisting known C2 server IP addresses.
7. Users are cautioned against downloading pirated software, as this is a primary method of spreading the Trojan.
8. Ken Dunham from Qualys warns Mac users against complacency, emphasizing that Mac systems are indeed targeted by cybercriminals.
9. A report by Accenture in October indicated a significant increase in threats targeting macOS on the Dark Web since 2019, predicting the upward trend will persist.
Action Items:
– Inform the IT department and ensure antivirus solutions and network monitoring are up-to-date and properly configured.
– Educate employees about the dangers of downloading and using pirated software.
– Communicate the need for vigilance among Mac users, counteracting any misconceptions about their vulnerability to cyber threats.
– Monitor industry reports and threat intelligence for updates on macOS-targeted cyber threats.
– Consider conducting a company-wide security training focused on recent threats and protective strategies.
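
Takeaways 5 and 6 describe DoH-disguised C2 traffic and blocklisting of known C2 addresses. The sketch below is an added example, not code from Kaspersky or the original report, and shows both checks run over per-process connection records. The log format, the process names, the browser allowlist and the blocklist range (a documentation-only placeholder) are assumptions.

```python
import ipaddress

# Public DoH resolvers (real services; extend for your environment).
DOH_HOSTS = {"cloudflare-dns.com", "mozilla.cloudflare-dns.com", "dns.google", "dns.quad9.net"}
DOH_IPS = {"1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4", "9.9.9.9"}
# Placeholder C2 blocklist (RFC 5737 documentation range); load real indicators from threat intel.
C2_BLOCKLIST = [ipaddress.ip_network("203.0.113.0/28")]
# Assumption: only these processes are expected to speak DoH on managed Macs.
DOH_ALLOWED_PROCS = {"firefox", "Google Chrome"}

# Constructed sample records: timestamp,process,dst_ip,dst_port,tls_sni
SAMPLE_LOG = """\
2023-12-07T14:01:02Z,firefox,1.1.1.1,443,mozilla.cloudflare-dns.com
2023-12-07T14:01:09Z,updater_helper,8.8.8.8,443,dns.google
2023-12-07T14:01:10Z,updater_helper,203.0.113.7,7001,
2023-12-07T14:02:30Z,Mail,198.51.100.20,993,imap.example.net
2023-12-07T14:03:00Z,mDNSResponder,8.8.8.8,53,
"""

def classify(record):
    """Return the list of findings for one parsed connection record."""
    _ts, proc, dst_ip, dst_port, sni = record
    findings = []
    addr = ipaddress.ip_address(dst_ip)  # raises ValueError on bad input
    if any(addr in net for net in C2_BLOCKLIST):
        findings.append("c2-blocklist")
    # DoH is HTTPS to a resolver: port 443 plus a resolver hostname or address.
    is_doh = int(dst_port) == 443 and (sni in DOH_HOSTS or dst_ip in DOH_IPS)
    if is_doh and proc not in DOH_ALLOWED_PROCS:
        findings.append("doh-from-unexpected-process")
    return findings

def scan(log_text):
    """Parse the log and return (timestamp, process, dst_ip, findings) per alert."""
    alerts = []
    for line in log_text.splitlines():
        fields = line.strip().split(",")
        if len(fields) != 5:
            continue  # skip malformed lines
        try:
            findings = classify(fields)
        except ValueError:
            continue  # unparsable address or port
        if findings:
            alerts.append((fields[0], fields[1], fields[2], findings))
    return alerts

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

Matching on resolver hostname and address only covers public resolvers; a DoH endpoint operated by the threat actor is caught by the blocklist check or by TLS inspection instead.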