Malware, Threat Management

Novel macOS malware strains with Chinese origins prevalent

SecurityWeek reports that many of the more than 12 new macOS malware families identified in 2022, up from eight new families discovered in 2021, were associated with China. According to a report from Mac security expert Patrick Wardle, Chinese threat actors are believed to be mainly behind the DazzleSpy malware, an information stealer and backdoor leveraged in a state-sponsored cyberespionage operation against Hong Kong activists. Moreover, a persistent backdoor suspected of being linked to DazzleSpy, the VPN Trojan also known as Covid, has enabled second-stage payloads to be downloaded and executed from memory. The report also showed that a Chinese advanced persistent threat group was behind the Go-based oRAT malware, which features numerous cyberespionage capabilities. Both the Rshell backdoor, which facilitates data theft, and the Gimmick malware, which leverages cloud providers for command-and-control, have also been tied to Chinese cyberespionage operations. Chinese attackers have also used the novel Alchimist attack framework to target macOS, Windows, and Linux devices with the Insekt RAT. Other macOS malware strains discovered last year include SysJoker, CloudMensis, CrateDepression, SentinelSneak, KeySteal, CoinMiner, and Pymafka.
