SecureThinkLab
Consulthink S.p.A. Business Unit
May 6, 2024 • 6 min read • macOS
CVE-2024-34456: Trend Micro Antivirus One Dylib Injection
During a red teaming activity, we gained access to a company MacBook; the Trend Micro Antivirus One software was running and prevented us from running our tools without being detected. So, I analyzed the software and found a misconfiguration that allows a custom dylib to be injected into the application process. CVE-2024-34456 has been assigned to this issue, affecting Trend Micro Antivirus One version 3.10.3 and below. I reported it on February 6, 2024, and according to Trend Micro, following its resolution, the public disclosure was scheduled for today, May 6, 2024....
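The excerpt says the injection was possible because of a misconfiguration, but does not say which one. The script below is an added example written for this page, not code from the SecureThinkLab post or from Trend Micro: it runs the generic first-pass audit for the signing and entitlement states that let a foreign dylib into a macOS process (missing hardened runtime or library-validation flag, or Apple's documented hardened-runtime entitlements `com.apple.security.cs.disable-library-validation`, `com.apple.security.cs.allow-dyld-environment-variables` and `com.apple.security.get-task-allow`). The `codesign` output strings and the entitlement plists embedded at the bottom are constructed samples, not Antivirus One's real output; the `audit_binary` wrapper only works on macOS where `codesign` exists.

```shell
#!/bin/sh
# Added example, not code from the SecureThinkLab post: audit a macOS Mach-O
# binary for the signing/entitlement states that let a foreign dylib into its
# process. The post does not say which misconfiguration Antivirus One had;
# these are the generic checks a red/blue teamer runs first.

# ent_true KEY PLIST_XML -> exit 0 if the entitlement KEY is set to <true/>.
# Handles both "<key>k</key><true/>" on one line and <true/> on the next line.
ent_true() {
  printf '%s\n' "$2" | awk -v k="<key>$1</key>" '
    index($0, k) {
      rest = substr($0, index($0, k) + length(k))
      if (rest ~ /<true\/>/) { hit = 1; exit }
      found = 1; next
    }
    found { if ($0 ~ /<true\/>/) hit = 1; exit }
    END { exit hit ? 0 : 1 }'
}

# dylib_injection_risk CODEDIRECTORY_LINE PLIST_XML
#   CODEDIRECTORY_LINE is the "CodeDirectory ... flags=..." line printed by
#   `codesign -dvvv BIN 2>&1`; PLIST_XML is `codesign -d --entitlements :- BIN`.
#   Prints one finding per line; exits 0 if there is any finding, 1 if none.
dylib_injection_risk() {
  flags="$1"; ents="$2"; n=0
  case "$flags" in
    *"(runtime)"*|*library-validation*) ;;   # hardened runtime or CS_REQUIRE_LV set
    *) echo "no hardened runtime / library-validation flag: dyld loads any dylib, including via DYLD_INSERT_LIBRARIES (unless the binary is otherwise restricted, e.g. setuid)"
       n=$((n+1)) ;;
  esac
  if ent_true com.apple.security.cs.disable-library-validation "$ents"; then
    echo "disable-library-validation: dylibs signed by another team, or unsigned, are accepted"; n=$((n+1))
  fi
  if ent_true com.apple.security.cs.allow-dyld-environment-variables "$ents"; then
    echo "allow-dyld-environment-variables: DYLD_INSERT_LIBRARIES is honoured despite the hardened runtime"; n=$((n+1))
  fi
  if ent_true com.apple.security.get-task-allow "$ents"; then
    echo "get-task-allow: task port obtainable, code can be injected into the live process"; n=$((n+1))
  fi
  [ "$n" -gt 0 ]
}

# audit_binary PATH -> runs the real tools (macOS only), then the checks above.
audit_binary() {
  cd_line=$(codesign -dvvv "$1" 2>&1 | grep '^CodeDirectory' | head -n 1)
  ents=$(codesign -d --entitlements :- "$1" 2>/dev/null)
  dylib_injection_risk "$cd_line" "$ents"
}

# Constructed sample inputs (not real Antivirus One output) so the checks run offline.
HARDENED_FLAGS='CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+7 location=embedded'
WEAK_FLAGS='CodeDirectory v=20200 size=1234 flags=0x0(none) hashes=30+7 location=embedded'
ENT_EMPTY='<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict/></plist>'
ENT_DISABLE_LV='<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>com.apple.security.cs.disable-library-validation</key>
    <true/>
    <key>com.apple.security.cs.allow-dyld-environment-variables</key>
    <false/>
</dict>
</plist>'

if [ "$#" -gt 0 ]; then
  audit_binary "$1"
else
  echo "-- hardened, no entitlements:"
  dylib_injection_risk "$HARDENED_FLAGS" "$ENT_EMPTY" || echo "(no findings)"
  echo "-- unhardened:"
  dylib_injection_risk "$WEAK_FLAGS" "$ENT_EMPTY"
  echo "-- hardened but library validation disabled:"
  dylib_injection_risk "$HARDENED_FLAGS" "$ENT_DISABLE_LV"
fi
```

On a Mac, run it as `sh audit.sh /Applications/Foo.app/Contents/MacOS/Foo`; with no argument it walks the three constructed cases. A finding is a necessary condition, not proof: the binary may still refuse a dylib for other reasons (a restricted segment, a custom dyld interposition check), and conversely an app can be injectable through a helper tool or XPC service that this script does not look at. Any entitlement that turns up should be cross-checked against what the app actually needs, since `disable-library-validation` in particular is usually justified only for plugin hosts.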
April 19, 2024 • 12 min read • malwares
Gold Pickaxe iOS Technical Analysis: IPA Overview and C2 Communication Startup
In February 2024 Group-IB wrote a blog post about a mobile Trojan developed by a Chinese-speaking cybercrime group called Gold Pickaxe. This malware targets both iOS and Android users in the Asia-Pacific region in order to collect identity documents, SMS, pictures and other data from the compromised phones. The malware communicates with the C2 using two protocols: the WebSocket protocol, used to listen for incoming commands, and the HTTP protocol, used to send information and data to the C2. In this article we are going to analyse the IPA file, and then describe how the malware connects to the C2 WebSocket server....
March 1, 2024 • 11 min read • malwares
AMOS (Atomic macOS Stealer) Analysis
Hello everybody, this is my first macOS malware analysis. I took a sample from MalwareBazaar and tried to reverse it; the sample was uploaded by Cryptolaemus1 on 14 Feb 2024. While analysing stage two, it was clear that the sample is a variant of Atomic Stealer. Atomic Stealer, as reported by SentinelOne, is a macOS info stealer sold on Telegram, able to grab system information, account credentials, browser data, session cookies and crypto wallets....