Hackers trick macOS users into becoming part of a proxy botnet by offering them pirated commercial software, researchers have revealed
A new Kaspersky report has exposed dozens of premium programs that are offered for free online, but bundled with the installation files are proxy Trojan installers.
In total, Kaspersky discovered 35 programs, including image editing software, video compression and editing programs, data recovery and network scanning tools, and more, all offered in PKG format instead of the standard disk image format.
Increased privileges
The most popular software, the researchers added, include:
- 4K Video Downloader Pro
- Aissessoft Mac data recovery
- Aiseesoft Mac Video Converter Ultimate
- AnyMP4 Android Data Recovery for Mac
- Downy 4
- FonePaw Data Recovery
- Sketch
- Wondershare UniConverter 13
- SQLProStudio
- Art Studio Pro
The PKG format allows all bundled scripts to run with the same elevated permissions. This means that the trojan is given permission to modify files, auto-run apps, and execute commands.
Proxy Trojans work by assimilating compromised endpoints into a network. The bandwidth these endpoints have is then offered on the dark web to other hackers, who use it to remain anonymous while performing various illegal tasks online, such as hacking, phishing, and illegal goods transactions.
While this specific campaign appears to target macOS users, Kaspersky researchers have reason to believe that this threat actor is also targeting other operating systems, just with a different installer.
Less than a month ago, cybersecurity researchers at BitSight discovered a large proxy botnet that includes more than 10,000 infected devices. The proxy botnet is called Socks5Systemz and its operators used two separate loaders, PrivateLoader and Amadey, to infect the endpoints.
The loaders were usually distributed via phishing, various exploit kits, malicious advertisements, fake programs, cracks, keygens and the like. Operators can then sell access to these devices to subscribers, who pay anywhere from $1 to $140 to gain access and redirect their traffic.
Through BleepingComputer