TLP-GREEN
Threat actors have been seen targeting Mac users with the Dridex malware.
Although the malware is not new, this variant appears to still be under development, as the final payload was an executable.
The initial file analyzed arrived as a Mach-O executable that performs discovery routines and writes malicious code to files with a .doc extension.
The malware continues the malicious activity by enabling macros and retrieving additional payloads from decrypted URLs.
The current impact to macOS users is minimal due to the payload file extension; however, it may prove to be effective upon further development.
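The behaviour described above (a Mach-O dropper rewriting .doc files with macro content and an embedded executable) lends itself to a simple triage check on a host. The script below is an added example, not code from the original alert or from Glesec: it scans a directory for .doc files and flags any that carry VBA project indicators or an embedded Windows PE stub. The marker strings and the sample files it writes are constructed for illustration; a production check should parse the OLE structure properly (for instance with oletools' olevba) rather than rely on string matching.

```python
"""Triage heuristic: flag Word .doc files that carry macro or embedded-executable indicators.

Added example, not from the original alert. The markers and sample files below
are constructed for illustration; a production check should parse the OLE
container properly (for instance with oletools' olevba) instead of string-matching.
"""
import tempfile
from pathlib import Path

# Compound File Binary header, used by legacy .doc documents.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"

# Stream/attribute names that indicate a VBA project. OLE directory entries store
# names as UTF-16LE, so each marker is checked in both ASCII and UTF-16LE form.
MACRO_MARKERS = ["_VBA_PROJECT", "Macros", "ThisDocument", "Attribute VB_"]

# Strings that appear in a Windows PE image (DOS stub text and PE signature).
PE_MARKERS = [b"This program cannot be run in DOS mode", b"PE\x00\x00"]


def _has_marker(data: bytes, text: str) -> bool:
    return text.encode("ascii") in data or text.encode("utf-16-le") in data


def inspect_doc(data: bytes) -> dict:
    """Return heuristic findings for one document's raw bytes."""
    macro_hits = [m for m in MACRO_MARKERS if _has_marker(data, m)]
    pe_hit = data.find(b"MZ") != -1 and any(p in data for p in PE_MARKERS)
    return {
        "is_ole": data.startswith(OLE_MAGIC),
        "macro_indicators": macro_hits,
        "embedded_pe": pe_hit,
        # Either a macro project or an embedded executable warrants a closer look.
        "suspicious": bool(macro_hits) or pe_hit,
    }


def scan_directory(root) -> list:
    """Scan *.doc files under root; return (filename, findings) for suspicious ones."""
    flagged = []
    for path in sorted(Path(root).rglob("*.doc")):
        findings = inspect_doc(path.read_bytes())
        if findings["suspicious"]:
            flagged.append((path.name, findings))
    return flagged


def build_samples(root) -> None:
    """Write constructed sample files (not real malware) into root for the demo."""
    root = Path(root)
    # Benign: OLE header followed by filler only.
    (root / "report.doc").write_bytes(OLE_MAGIC + b"\x00" * 512 + b"Quarterly figures")
    # Macro-bearing: OLE header plus a UTF-16LE VBA project stream name.
    (root / "invoice.doc").write_bytes(
        OLE_MAGIC + b"\x00" * 64 + "_VBA_PROJECT".encode("utf-16-le") + b"\x00" * 64
    )
    # Macro-bearing with an embedded Windows executable stub, the pattern the alert describes.
    (root / "resume.doc").write_bytes(
        OLE_MAGIC + "Macros".encode("utf-16-le")
        + b"MZ\x90\x00" + b"\x00" * 60
        + b"This program cannot be run in DOS mode" + b"PE\x00\x00"
    )


def demo() -> list:
    """Build the samples in a temporary directory and return the flagged filenames."""
    with tempfile.TemporaryDirectory() as tmp:
        build_samples(tmp)
        return [name for name, _ in scan_directory(tmp)]


if __name__ == "__main__":
    for name in demo():
        print("suspicious:", name)
```

Run it against a user's home directory (`scan_directory(Path.home())`) to list documents worth quarantining; because a legitimate macro-enabled document also trips the VBA markers, treat the output as a triage list for review rather than a verdict.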
Glesec Information Sharing Protocol
GLESEC CYBER SECURITY INCIDENT REPORTS are in compliance with the U.S. Department of Homeland Security (DHS) Traffic-Light Protocol (TLP).
TLP-White: Disclosure is not limited.
TLP-Green: Limited disclosure, restricted only to the community.
TLP-Amber: Limited disclosure, restricted to the participant's organization.
TLP-Red: Not for disclosure, restricted/classified, only shared with US DHS.