Black Hat Briefings

Proton Malware Being Offered on Russian Hacking Forum

[Image: a woman angry with a Mac computer and a "no malware" sign]
A Mac OS Remote Administration Tool called Proton is being sold at 40 BTC through the dark web. The malware can facilitate remote espionage and theft.
Ever since the widespread notion that Mac operating systems were invulnerable to malware attacks was dispelled, more hackers have been developing malicious software targeted at the systems.
It seems like cybercriminals are coming up with increasingly advanced and sophisticated tools to achieve their goals.
Internet security researchers at Sixgill have discovered that Mac malware capable of facilitating theft and remote espionage is currently being sold on a dark web hacking forum based out of Russia.
Sixgill is a cyber intelligence firm whose primary goal is to identify cyber threats and confidential data breaches that are facilitated by dark web platforms and forums.
The Mac malware being marketed in this case is a Remote Administration Tool (RAT), referred to as Proton, belonging to the Trojan malware category.
The researchers got wind of Proton from a post in a popular dark web cybercrime message board in Russia.
The board has since been closed.
According to the author of the underground post, the Proton RAT is capable of evading antivirus solutions, rendering it undetectable, and is exclusively intended for Mac devices.
Sixgill security researchers stated that the author revealed that the malware is written in native Objective-C. As such, the RAT operates without any dependencies.
The poster also boasted that current Mac OS malware detection tools are ineffective against the Proton RAT.
Going by the information gathered from the dark web post, the Mac OS Proton RAT has several key capabilities.
The malware has root access features and privileges.
According to the researchers, the author must be in possession of, and have utilized, an unpatched zero-day exploit.
This is the only way to have root access and privileges on Mac OS.
An attacker can, therefore, utilize it to gain complete command and control of the victim's machine.
This means full access to console commands and the file manager in real time, webcam operation or surveillance, screenshots, VNC/SSH connectivity, and keylogging.
The hacker can also execute custom native windows that request confidential or sensitive information, including credit card and driver's license details.
[Image: a Mac computer. Caption: The hacker can get confidential and sensitive information]
The Mac OS Proton RAT also features iCloud access even if the end user enables two-factor authentication.
More worryingly, the malware bears authentic code signing signatures from Apple.
In order to gain genuine certification, third-party software developers have to undergo a rigorous vetting process implemented by Apple.
The researchers speculate that the author of Proton could have either illegally acquired developer credentials or infiltrated Apple's Developer ID program.
With root privileges and access, an attacker can disguise the app as a genuine Apple app, complete with an icon and name.
Mac users may be duped into downloading and installing the Mac OS Proton RAT.
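The signature point above is one a defender can actually check: an app that carries an Apple name and icon but is signed with a third-party Developer ID certificate is not the same thing as an Apple platform binary, and `codesign -dv --verbose=4` shows the difference in its `Authority=` chain. The script below is an added example, not code from the article or from Sixgill: it parses that output, classifies the signer, and flags a `com.apple.` bundle identifier that is not backed by Apple's own "Software Signing" chain. The two sample outputs are constructed to match the real command's format; the paths, identifiers and team ID `EXAMPLETEAM` are placeholders.

```python
import subprocess
import sys
from dataclasses import dataclass, field

# The certificate chain codesign prints (leaf first) for binaries Apple itself signs.
APPLE_PLATFORM_CHAIN = [
    "Software Signing",
    "Apple Code Signing Certification Authority",
    "Apple Root CA",
]

# Constructed sample of `codesign -dv --verbose=4` output for an Apple-signed app.
SAMPLE_APPLE_SIGNED = """Executable=/Applications/Safari.app/Contents/MacOS/Safari
Identifier=com.apple.Safari
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20100 size=... flags=0x0(none) hashes=... location=embedded
Signature size=4485
Authority=Software Signing
Authority=Apple Code Signing Certification Authority
Authority=Apple Root CA
Info.plist entries=37
TeamIdentifier=not set
"""

# Constructed sample: an app borrowing an Apple-style name but signed with a
# third-party Developer ID certificate (placeholder team "EXAMPLETEAM").
SAMPLE_IMPOSTOR = """Executable=/Users/victim/Downloads/Safari Update.app/Contents/MacOS/Safari Update
Identifier=com.apple.SafariUpdate
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20200 size=... flags=0x0(none) hashes=... location=embedded
Signature size=8915
Authority=Developer ID Application: Example Dev Co (EXAMPLETEAM)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Info.plist entries=20
TeamIdentifier=EXAMPLETEAM
"""


@dataclass
class SigningInfo:
    identifier: str = ""
    team_id: str = ""
    authorities: list = field(default_factory=list)  # leaf cert first, root last
    adhoc: bool = False

    @property
    def signer_class(self) -> str:
        """Classify who vouches for this signature."""
        if self.adhoc or not self.authorities:
            return "unsigned-or-adhoc"
        if self.authorities == APPLE_PLATFORM_CHAIN:
            return "apple-platform"
        if (self.authorities[0].startswith("Developer ID Application:")
                and "Developer ID Certification Authority" in self.authorities
                and self.authorities[-1] == "Apple Root CA"):
            return "developer-id"
        return "other"


def parse_codesign(text: str) -> SigningInfo:
    """Extract identifier, team and certificate chain from codesign -dv output."""
    info = SigningInfo()
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "Identifier":
            info.identifier = value
        elif key == "TeamIdentifier":
            info.team_id = "" if value == "not set" else value
        elif key == "Authority":
            info.authorities.append(value)
        elif key == "Signature" and value == "adhoc":
            info.adhoc = True
    return info


def assess(info: SigningInfo) -> list:
    """Return human-readable findings; an empty list means nothing suspicious."""
    findings = []
    if info.identifier.startswith("com.apple.") and info.signer_class != "apple-platform":
        findings.append(f"identifier {info.identifier} claims to be Apple software "
                        f"but is signed as {info.signer_class} (team {info.team_id or 'none'})")
    if info.signer_class == "unsigned-or-adhoc":
        findings.append("no certificate-backed signature at all")
    return findings


def inspect_path(path: str) -> SigningInfo:
    """On macOS, run codesign on a real bundle; codesign writes its report to stderr."""
    res = subprocess.run(["codesign", "-dv", "--verbose=4", path],
                         capture_output=True, text=True)
    return parse_codesign(res.stderr)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        info = inspect_path(sys.argv[1])
    else:
        info = parse_codesign(SAMPLE_IMPOSTOR)
    print(f"{info.identifier}: {info.signer_class}")
    for finding in assess(info):
        print("  !", finding)
```

Classifying the chain is only half the check: `codesign -dv` reports what the signature claims, so pair it with `codesign --verify --deep --strict` for integrity and `spctl --assess --type execute` for Gatekeeper's verdict. A Developer ID signature is legitimate on its own; what this script surfaces is the mismatch between an Apple-looking identity and a signer that is not Apple.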
The malware is often marketed as surveillance software for organizations to monitor employee activity, spouses to discover cheating partners, and parents to monitor their children’s online activities.
The dark web author of the malware initially asked for a very steep price of around 100 bitcoins for unlimited use.
With the current BTC price, this translated to more than $100,000.
This asking price was lowered considerably to 40 bitcoins after the developer was criticized for asking for such a hefty price for the malware.

Cybercriminals could also have access to an installation license for one Mac, with authentic Apple certifications, for 2 bitcoins.
The purchasing process of Proton was quite elaborate.
The developers have set up a website dedicated to selling the Mac malware.
The site features a login system and payment options for the software.
Promotional items related to the RAT are also available at the website.
The developers uploaded a brief video to YouTube detailing the Proton installation process.
The malware is believed to have been active since late last year.
It is important to note that Apple updated its XProtect software to detect malware including Xagent and OS X Proton A.
However, the relatively unknown nature of Proton means that it may still pose a significant threat to Mac users.
