JAKARTA - Kaspersky researchers have identified macOS variants of the HZ Rat backdoor targeting users of WeChat and DingTalk, two popular messaging platforms from China.
The malware, which was first detected on Windows, now also threatens macOS. The macOS version of HZ Rat is distributed through the installation of a fake OpenVPN Connect application.
The installer contains a legitimate VPN client along with two malicious files: the backdoor itself and a script that launches the backdoor together with the VPN client.
Once started, the backdoor connects to the attacker's server using a predefined list of IP addresses, with all communication encrypted to avoid detection.
Analysis by Kaspersky experts shows that the macOS backdoor collects information such as victims' usernames, work email addresses, and phone numbers from unprotected DingTalk and WeChat data files.
To reduce the risk of malware infections such as HZ Rat, Kaspersky recommends the following: