New WildPressure Malware Capable of Targeting Windows and MacOS
The Trojan sends information back to the attackers' servers about the programming language of a target device.
July 9, 2021
WildPressure, an advanced persistent threat (APT) actor that targets businesses in the industrial sector in the Middle East, is using revamped malware that is able to infect and run on both Windows and macOS systems.
Researchers with Kaspersky have been watching WildPressure and tracking Milum, a malicious Trojan used by the group, since August 2019. Earlier this year, they identified a new WildPressure attack carried out with newer versions of Milum malware. The files discovered contained the Milum Trojan written in C++ and a corresponding Visual Basic Script (VBScript) variant. Another version they found, written in Python, was developed for Windows and macOS.
In investigating WildPressure, researchers found that Milum sends information back to the attackers' servers about the programming language in which the target device is written.
“When first investigating the campaign in 2020, Kaspersky researchers suspected that this pointed to the existence of different versions of this Trojan in different languages. Now this theory has been confirmed.”
The post notes that multi-platform malware capable of infecting devices that run on macOS is rare.
“This particular specimen was delivered in a package, which included the malware, Python library and a script named ‘Guard’. This enabled the malware to launch both on Windows and macOS with little additional efforts.”
Further investigation into this attack uncovered another version of the malware written in Python, which was developed for both Windows and macOS operating systems. All three versions of the Trojan were able to download and execute commands from the operator, collect information, and upgrade themselves to a newer version.
More information can be found here.