The GlassWorm malware upgraded itself a step further.

The GlassWorm malware has upgraded itself a step further. This time it has attacked macOS.

The GlassWorm malware, a malware aimed at stealing data on the Krypto Curren C wallet, was already famous for helping one. It was mainly focused on attacks on Windows users, but this time macOS users can no longer be satisfied because this malware has developed so far that they can attack macOS.

According to a report by the website, TechNadu mentioned the return of a new version of GlassWorm malware with the ability to access macOS. The malware originally attacked the Windows system through impersonating an extension of the Web browser (Extension) called Visual Studio Code, but this time for the macOS version, the malware impersonated an Extension for the web browser on macOS, three of which were available (unnamed by the source). The extension was released for download on the Open VSX Marketplace add, which has already been downloaded by up to 50,000 victims.

What distinguishes the macOS version of the malware from the Windows version is that the malware uses JavaScript as a file to send malware into the machine (payload) instead of hiding Unicode scripts in the Rust language code on the Windows version. There is also the use of Solana's Blockchain network as a control server (C2 or Command and Control) with a Solana wallet, which is a groundbreaking technique for using Blockchain networks, according to a research team from Koi Security, a cybersecurity expert who detected this version of the malware.

Payload is encrypted in JavaScript with an AES-256-CBC encryption algorithm to retrieve C2 server addresses from the Solona network based on the endpoint tool (Endpoint) specified within the code. This payload has been created to allow three different formats at the same time with full compatibility with the macOS platform.

Stealth Execution with AppleScript implementation instead of PowerShell to be compatible with this platform.

Persistence through modification of LaunchAgents instead of Registry keys and Scheduled Tasks allows malware to rework every time it is rebooted.

Database Theft directly targets passwords in Keychain.

In addition, the malware has also been detected by Apple's system with a 15-minute Delayed Execution to avoid being caught in Sanbox for 5 minutes of use. This pattern is embedded as a constant within the malware code.

And what makes this malware the most malware is the ability to reach a hardware kerrency or Hardware Wallet. The malware, after it is processed, scans for applications for Hardware Wallet, such as Ledger Live and Trezor Suite, installed on the machine to trap data transmission between the wallet and the application, controlling the transfer of the wallet, or trapping the wallet loan code or the Seed Phrase between the victim to recover the wallet, etc.

# memologic # Trending # Lemon 8 Howtoo # Drug sign with lemon8 # lemon 8 diary