In December 2019, Qihoo 360 NetLab identified and described the Dacl RAT malware for Windows and Linux. Its development was attributed to the North Korean Lazarus group. A Dacl RAT version for macOS has also been identified by the Threat Intelligence Team at Malwarebytes Labs.
This trojan was embedded in a 2FA app called MinaOTP, which is used primarily by Chinese-speaking users. Just like the Linux version, it was equipped with numerous features, including a command interpreter, file management, network scanning and a network proxy.
Dacl RAT malware analysis
A thorough analysis of how the malware is embedded in the 2FA app, its internal structure and the macOS mechanisms it uses was published on the Malwarebytes Labs Threat Intelligence Team blog.
What is malware?
Malware is the general name for the malicious software that cybercriminals use in attacks such as infecting servers or stealing data. Infecting workstations and hijacking control over them through malware hidden in files sent via e-mail or uploaded onto specially prepared websites is becoming an increasingly common attack method. Attack-specific malware is also being used more often than before. It is not detected by commonly used antivirus systems, IPS/IDS (Intrusion Prevention / Detection System) solutions or firewalls. The scale of this phenomenon is enormous – more than 140 million variants of various malicious apps and scripts are created every year. Anti-malware solutions, such as Fidelis XPS by Fidelis Cybersecurity, are effective ways to protect against such threats.
—
Do you need cybersecurity solutions for your company? Contact us.