Hackers Hijacking 2FA App on Mac OS to Distribute Dacls Malware


Hackers have hidden malware in a legitimate two-factor authentication (2FA) app for macOS to spread Dacls, a remote access trojan (RAT) linked to the North Korean Lazarus hackers. Dacls has been used to attack Linux and Windows systems, and the recently found macOS version of the RAT borrows many of its features and much of its code from them. The malware was hidden in TinkaOTP; the original version of the software is MinaOTP, which is also known to be popular mostly among Chinese users.

Dacls's tasks are executing commands, handling data on the system, controlling processes on the system, proxying traffic, and detecting worms. Just after your data has been obtained, it encrypts the data and then connects to its C2 server over a TLS connection.

The malware was discovered after its creator modified it and uploaded it to VirusTotal last month. According to Malwarebytes, it passed completely unnoticed at that time, April 8. At the moment, 23 out of 59 antivirus programs detect the malicious file.
The malicious software runs after the device has been rebooted, because it is added to a property list (plist) file used by LaunchDaemons and LaunchAgents to run applications at startup.
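To check a Mac for this kind of plist persistence, the sketch below parses the LaunchDaemons and LaunchAgents directories and lists jobs that start automatically from a hidden or user-level path. It is an added example, not code from Malwarebytes or from the malware; the heuristics and the sample jobs in `demo()` are constructed assumptions, not indicators taken from the article.

```python
import plistlib
import tempfile
from pathlib import Path

# Standard launchd directories (reading the system-wide ones may need root).
LAUNCH_DIRS = ["/Library/LaunchDaemons", "/Library/LaunchAgents",
               str(Path.home() / "Library/LaunchAgents")]

def target_of(job):
    """Executable a launchd job starts ('' if the plist declares none)."""
    return str(job.get("Program") or (job.get("ProgramArguments") or [""])[0])

def reasons_for(job):
    """Why a job that starts automatically deserves a closer look (heuristics)."""
    if not (job.get("RunAtLoad") or job.get("KeepAlive")):
        return []
    path, why = target_of(job), []
    if any(part.startswith(".") for part in Path(path).parts):
        why.append("hidden path component")
    if path.startswith("/Users/") and "/Library/" in path:
        why.append("inside a user Library folder")
    return why

def audit(dirs=LAUNCH_DIRS):
    """Return (file, label, target, reasons) for each launchd plist to review."""
    findings = []
    for f in sorted(p for d in dirs for p in Path(d).glob("*.plist")):
        try:
            job = plistlib.loads(f.read_bytes())  # handles XML and binary plists
        except Exception:
            findings.append((f.name, "?", "", ["unreadable or unparseable plist"]))
            continue
        if isinstance(job, dict) and (why := reasons_for(job)):
            findings.append((f.name, job.get("Label", "?"), target_of(job), why))
    return findings

def demo():
    """Audit two constructed plists (sample data, not real indicators)."""
    jobs = [{"Label": "com.example.updater", "RunAtLoad": True, "ProgramArguments":
             ["/Applications/Example.app/Contents/MacOS/updater"]},
            {"Label": "com.example.helper", "RunAtLoad": True,
             "Program": "/Users/alice/Library/.cache_helper/agent"}]
    with tempfile.TemporaryDirectory() as tmp:
        for job in jobs:
            (Path(tmp) / (job["Label"] + ".plist")).write_bytes(plistlib.dumps(job))
        return audit([tmp])

if __name__ == "__main__":
    print(demo())
```

Calling `audit()` with no arguments scans the real launchd directories; a hit is a prompt to inspect the referenced binary, not proof of infection.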


