🚨 #Lazarus Mach-O Man toolkit targets corporate systems and credentials, causing downtime and financial losses.
-
A meeting invite sent over Telegram launches a multi-stage infection chain. To evade detection, the malware masquerades as legitimate system processes and deploys Mach-O binaries. The final-stage stealer harvests browser extensions, saved credentials, and Keychain entries, then exfiltrates everything via the Telegram Bot API.
🔍 Explore the macrasv2 execution chain in a sandbox session and update your detection rules: https://app.any.run/tasks/94b9bc1f-86ff-4069-8222-1cb511d78ad9/?utm_source=mastodon&utm_medium=post&utm_campaign=lazarus_macos_case&utm_term=290426&utm_content=linktoservice
Stay one step ahead with defense tips: https://any.run/cybersecurity-blog/lazarus-macos-malware-mach-o-man/?utm_source=mastodon&utm_medium=post&utm_campaign=lazarus_macos_case&utm_term=290426&utm_content=linktoblog
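Added example (not any.run's code, nor anything taken from the sample): generic detection logic for the three behaviours the post names, namely a system process name running from a user-writable path, a non-system process opening the login keychain, and any process calling the Telegram Bot API. The log format, the field names, the allow-lists and the sample lines are all constructed for this example; the bot token in the sample is a placeholder. Map the fields onto whatever your EDR or unified-log export actually emits.

```python
# Added example: detection logic for the behaviours described in the post.
# Not any.run's code. Log format, field names and sample lines are constructed.
import re
from urllib.parse import urlparse

# Locations from which binaries that legitimately carry system process names run (assumed list).
SYSTEM_DIRS = ("/System/", "/usr/", "/bin/", "/sbin/", "/Library/Apple/")
# Process names an implant is likely to borrow (assumed list; extend from your own baseline).
SYSTEM_NAMES = {"launchd", "mdworker", "mdworker_shared", "cfprefsd", "syslogd", "WindowServer", "distnoted"}
# Processes expected to open the login keychain database (assumed list).
KEYCHAIN_READERS = {"securityd", "security", "Keychain Access", "trustd"}
# Bot API paths look like /bot<id>:<secret>/<method>; the Telegram desktop client uses MTProto, not this API,
# so any workstation process hitting these paths deserves a look.
BOT_API_PATH = re.compile(r"^/bot\d+:[A-Za-z0-9_-]+/([A-Za-z]+)$")
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse(line):
    """'kind k=v k="v with spaces"' -> dict with the event kind under 'kind'."""
    kind, _, rest = line.partition(" ")
    fields = {k: v.strip('"') for k, v in KV.findall(rest)}
    fields["kind"] = kind
    return fields


def is_masquerade(proc):
    """System-looking process name whose image lives outside the system directories."""
    return proc["name"] in SYSTEM_NAMES and not proc["path"].startswith(SYSTEM_DIRS)


def bot_api_method(url):
    """Return the Bot API method if url targets api.telegram.org/bot<token>/<method>, else None."""
    u = urlparse(url)
    if u.hostname != "api.telegram.org":
        return None
    m = BOT_API_PATH.match(u.path)
    return m.group(1) if m else None


def is_keychain_read(event):
    return event["path"].endswith("login.keychain-db")


def scan(lines):
    """Return (pid, rule, detail) triples. 'proc' lines must precede the events they explain."""
    procs, findings = {}, []
    for ev in map(parse, lines):
        pid = ev["pid"]
        name = procs.get(pid, {}).get("name", "unknown")
        if ev["kind"] == "proc":
            procs[pid] = ev
            if is_masquerade(ev):
                findings.append((pid, "masquerade", f"{ev['name']} from {ev['path']}"))
        elif ev["kind"] == "file" and is_keychain_read(ev) and name not in KEYCHAIN_READERS:
            findings.append((pid, "keychain_read", f"{name} opened {ev['path']}"))
        elif ev["kind"] == "net":
            method = bot_api_method(ev["url"])
            if method:
                findings.append((pid, "telegram_bot_api", f"{name} called {method}"))
    return findings


# Constructed sample telemetry (not real logs); the bot token is a placeholder.
SAMPLE = [
    "proc pid=311 name=mdworker path=/System/Library/Frameworks/CoreServices.framework/Versions/A/Support/mdworker",
    "proc pid=98 name=securityd path=/usr/libexec/securityd",
    "proc pid=4012 name=mdworker path=/Users/alice/Library/Caches/.update/mdworker",
    "file pid=98 path=/Users/alice/Library/Keychains/login.keychain-db op=read",
    "file pid=4012 path=/Users/alice/Library/Keychains/login.keychain-db op=read",
    "net pid=4012 url=https://api.telegram.org/bot1234567890:AAEXAMPLEexampleEXAMPLEexample0/sendDocument",
    "net pid=311 url=https://telegram.org/ method=GET",
]

if __name__ == "__main__":
    for pid, rule, detail in scan(SAMPLE):
        print(f"pid={pid} rule={rule} {detail}")
```

Run against the constructed sample, only pid 4012 fires: once for the `mdworker` name under `~/Library/Caches`, once for touching `login.keychain-db`, and once for `sendDocument` on the Bot API. The legitimate `mdworker` under `/System/` and `securityd` reading the keychain stay quiet, which is the point of keeping the path and reader allow-lists tight rather than alerting on the process name alone.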