AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Macos malware used runonly to detection1/10/2024 ![]() InstallationĪs soon as it starts, the application presents us with a sham license agreement. The user is unlikely to notice the difference, especially if he has not used the app before. Interestingly, Calisto’s authors chose the ninth version of the program as a cover which is still relevant.įor illustrative purposes, let’s compare the malware file with the version of Mac Internet Security X9 downloaded from the official site. The Calisto installation file is an unsigned DMG image under the guise of Intego’s security solution for Mac. We have no reliable information about how the backdoor was distributed. So we decided to unpick Calisto to see what it is and why its development was stopped (or was it?). ![]() Malware for macOS is not that common, and this sample was found to contain some suspiciously familiar features. But for two whole years, until May 2018, Calisto remained off the radar of antivirus solutions, with the first detections on VT appearing only recently. The malware was uploaded to VirusTotal way back in 2016, most likely the same year it was created. We recently came across one such sample: a macOS backdoor that we named Calisto. ![]() Also of interest are developmental prototypes that have had limited distribution or not even occurred in the wild. An interesting aspect of studying a particular piece of malware is tracing its evolution and observing how the creators gradually add new monetization or entrenchment techniques.
0 Comments
Read More
Leave a Reply. |