Mac users are being targeted again with dangerous malware - here’s what to know

Hackers are expanding a proxy botnet to hit macOS users

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Hackers are tricking macOS users into becoming a part of a proxy botnet by offering them pirated commercial software, researchers have revealed

A new Kaspersky report has uncovered dozens of premium programs being offered for free online - but bundled with the installation files are proxy trojan installersmalware.

In total, Kaspersky uncovered 35 programs, including image editing software, video compression and editing programs, data recovery and network scanning tools, and more, all being offered in PKG format instead of the standard disc image format.

Elevated privileges

The most popular software, the researchers added, include:

The PKG format allows all bundled scripts to execute with the same, elevated permissions. This means that the trojan is granted permission to modify files, autorun apps, and execute commands.

Proxy trojans work by assimilating compromisedendpointsinto a network. The bandwidth these endpoints have is then offered on the dark web to other hackers, who use it to stay anonymous while performing different illegal tasks online, such as hacking, phishing, and illicit goods transactions.

While this particular campaign seems to be targeting macOS users, Kaspersky’s researchers have reason to believe that this threat actor targets otheroperating systemsas well, just with a different installer.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Less than a month ago, cybersecurity researchers at BitSight discovered a major proxy botnet encompassing more than 10,000 infected devices. The proxy botnet is called Socks5Systemz, and its operators used two separate loaders, PrivateLoader and Amadey, to infect the endpoints.

The loaders were usually distributed via phishing, different exploit kits, malicious ads, fake programs, cracks, keygens, and similar. Operators can then sell access to these devices to subscribers, who pay anywhere between $1 and $140 to access them and reroute their traffic.

ViaBleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Should your VPN always be on?

This new malware utilizes a rare programming language to evade traditional detection methods

This new phishing strategy utilizes GitHub comments to distribute malware