Moonlock Lab

Kseniia Yamburh for RSA Webcast: State-backed APTs are a rising macOS threat
Just over a decade ago, Apple was able to boast that Macs were “immune to viruses.” But not only are Macs susceptible to malware — advanced persistent threats (APTs) specifically targeting Mac users...
Jul 10, 2024
13 min read
Hacker deploys macOS stealer disguised as CleanMyMac crack
A new threat has emerged that is targeting macOS users. At Moonlock Lab, we discovered a malware sample that has evaded detection on VirusTotal since its first submission on May 17, 2024. Most...
Jun 4, 2024
5 min read
Pirate sites spread malware posing as CleanMyMac and Photoshop
The most important duty of cybersecurity researchers is to keep users informed about emerging threats and vulnerabilities. So today, we delve into the world of cracked software distribution and discover how threat actors...
Apr 16, 2024
5 min read
macOS stealer found camouflaged in an Apple/Bash payload
In the ever-evolving landscape of cybersecurity threats, macOS users now face a new danger. This time, it comes in the form of a DMG trojan involving a partially obfuscated AppleScript and Bash payload...
Mar 28, 2024
4 min read
A detailed analysis of the SpectralBlur backdoor on macOS
Recently, we saw a suspicious file in our sandbox. After some research and analysis, we found the following post on the X social media platform. The post mentions a macOS backdoor known as...
Jan 19, 2024
3 min read
NSServices in macOS and the vulnerability that exploited it
NSServices is a powerful and versatile inter-application communication mechanism within the macOS ecosystem, designed to enhance user productivity and streamline application interactions. Unfortunately, a vulnerability in a simple consent prompt allowed bad actors...
Oct 4, 2023
8 min read
An in-depth look at the keylogger malware family
In the ongoing war against malware, new threats pop up almost every day — but they still fall under the same general categories. For this analysis, we’ve taken a closer look at the...
Sep 22, 2023
18 min read
Under the hood of the Atomic macOS stealer (AMOS)
In the past year, macOS users have seen increased adware, potentially unwanted applications (PUA), and malware, including stealers. In the case of stealer malware, the goal is to extract personal data from victims...
Aug 16, 2023
3 min read
How to unpack malicious SHC-compiled scripts with Qiling Framework
Malware authors often employ a variety of techniques to make life difficult for security researchers. These techniques can include using obfuscation, packing, encryption, and anti-debugging measures to hide the functionality of their code,...
Jul 17, 2023
13 min read
Malicious package distributed through the PyPI registry
On May 17, a malicious Python package known as “pymafka” was detected in the Python Package Index registry. The “pymafka” package is similar to the legitimate PyKafka software, the client implemented in Python...
Jul 17, 2023
4 min read