For convenience and productivity, browsers and many enterprise apps that are designed to work across devices, such as Slack, TeamViewer, Zoom and similar, allow the user to remain logged in until they explicitly log out. One of the top targets for observed macOS malware are session cookies stored on user’s devices.
In this post, we look at the data assets targeted by macOS malware in some of the most recent in-the -wild incidents in order to help defenders better protect the enterprise and hunt for signs of compromise. In recent posts, we have looked at how threat actors deliver payloads to macOS targets and how they attempt to evade detection. On macOS, threat actors will quietly exfiltrate session cookies, keychains, SSH keys and more as malicious processes from adware to spyware look to harvest data that can be recycled and sold on various underground forums and marketplaces, or used directly in espionage campaigns and supply chain attacks. However, the idea of stealing valuable data and then monetizing it in nefarious ways is a tactic that is now common across platforms. With a few unsuccessful exceptions, the notion of locking a Mac device and holding its owner to ransom in return for access to the machine and its data has not yet proven an attractive proposition for attackers. The scourge of ransomware attacks that has plagued Windows endpoints over the past half decade or so has, thankfully, not been replicated on Mac devices.
0 kommentar(er)
