Trojan-Proxy Malware May Target Multiple Operating Systems

Unauthorized websites distributing tampered versions of cracked software have been identified as sources of infection for Apple macOS users with a novel Trojan-Proxy malware.

Researchers explained that perpetrators can leverage this form of malware to generate revenue by establishing a proxy server network or executing illicit activities on behalf of the victim, such as launching assaults on websites, businesses, and individuals, as well as purchasing firearms, narcotics, and other illegal items.

Researchers discovered evidence suggesting that the malware poses a cross-platform threat. This inference is drawn from the discovery of artifacts associated with Windows and Android, which piggybacked on pirated tools.

Trojan-Proxy Disguises Itself as Pirated Apps

The macOS iterations masquerade as authentic multimedia, image editing, data recovery, and productivity tools. This implies that individuals seeking pirated software are the primary targets of the campaign. Unlike their legitimate counterparts distributed as disk image (.DMG) files, the counterfeit versions are disseminated as .PKG installers, featuring a post-install script that triggers malicious behavior after installation.

The ultimate objective of the campaign is to deploy the Trojan-Proxy, which disguises itself as the WindowServer process on macOS to elude detection. WindowServer is a fundamental system process responsible for managing windows and rendering the graphical user interface (GUI) of applications.

Upon initiation, the malware endeavors to acquire the IP address of the command-and-control (C2) server through DNS-over-HTTPS (DoH) by encrypting DNS requests and responses using the HTTPS protocol.

Subsequently, Trojan-Proxy establishes communication with the C2 server and awaits further directives, including processing incoming messages to interpret the IP address to connect to, the protocol to employ, and the message to transmit. This indicates its capability to function as a proxy via TCP or UDP to reroute traffic through the compromised host.

Researchers reported discovering instances of the malware uploaded online as early as April 28, 2023. To counter such threats, users are advised to refrain from downloading software from untrusted sources.

By Zaib
December 8, 2023
Malware
English
December 8, 2023
Malware

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

Trojan

Trojan.Malware.300983.Susgen Detection

Trojan.Malware.300983.Susgen is the name and designator of a heuristic detection. Trojan.Malware.300983.Susgen is intended as a designator for an unspecified Trojan horse malware detection. The detection does not... Read more

March 16, 2023
Trojan

PingPull Malware

Security researchers with Palo Alto's Unit 42 discovered and analyzed a new strain of malware called PingPull. The new malware has RAT capabilities and is particularly difficult to detect. PingPull is the newest tool... Read more

June 16, 2022
Mac Malware

GIMMICK Malware Infiltrates macOS Systems

macOS systems are once again the target of a complicated malware attack. In this case, the campaign is carried out by a Chinese adversary tracked under the alias Storm Cloud. Their attack involves the use of a... Read more

March 23, 2022
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.