Attacks against macOS devices using "Geacon", an open-source Go-based port of the Cobalt Strike beacon, have been increasing in prevalence, according to BleepingComputer.
Geacon drew little attention after it first appeared on GitHub, but it has since gained traction following the emergence last month of two Chinese-developed forks, Geacon Plus and Geacon Pro; the inclusion of those forks in the Zhizhi Chuangyu Laboratory's public GitHub repository of red-team pen-testing tools has further increased their popularity among threat actors, a SentinelOne report revealed.
Malicious Geacon distribution was observed in two instances in April. The first involved an AppleScript applet that displays a decoy PDF document purporting to be the resume of one Xu Yiqing before launching Geacon, which then provides data encryption and decryption, data exfiltration, and the download of further malware.
The other campaign used a trojanized SecureLink app to deploy Geacon Pro on Intel-based Macs running OS X 10.9 or later.
Separately, SiliconAngle reports that more companies are conducting purple-team exercises, in which offensive and defensive security teams work together; penetration testing firm SpecterOps is the latest to pair its offensive and defensive teams in testing and defending corporate systems.