Keep in mind that this malware was able to bypass macOS Gatekeeper (and most likely also XProtect) because it was signed with a valid Apple Developer ID, so it was notarized by Apple. I'm not sure if third-party AVs would be able to block it, probably not if it's still zero-day, or they need to use behavior blocking. Of course, using a third-party firewall might also help. But it's a good reminder that security on macOS should be taken seriously. https://www.bleepingcomputer.com/ne...s-use-new-macos-malware-against-crypto-firms/
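A defender-side follow-up to the Gatekeeper point in the post above, added here as an example that is not from this thread or from any of the linked articles: a small Python script that parses the output of Apple's `spctl --assess` so a notarized Developer ID app can be told apart from an unnotarized or unsigned one, and that lists every bundle under /Applications which is not notarized. The sample outputs, company names and team ID are constructed placeholders; the `--type execute` invocation and the `source=` / `origin=` lines are the format spctl prints on macOS, and the parser only runs the real command where `spctl` exists.

```python
"""Added example (not from the forum thread): classify macOS Gatekeeper
assessment output so signed-and-notarized apps can still be audited."""
import re
import shutil
import subprocess
from pathlib import Path

# Constructed sample of `spctl --assess --type execute -vv` output for an app
# that passes Gatekeeper because it is Developer ID signed *and* notarized.
# "Example Corp" and "TEAMID0000" are placeholders, not real identifiers.
SAMPLE_NOTARIZED = """\
/Applications/Example.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Example Corp (TEAMID0000)
"""

# Constructed sample: Developer ID signature intact, but never notarized.
SAMPLE_UNNOTARIZED = """\
/Applications/Other.app: rejected
source=Unnotarized Developer ID
origin=Developer ID Application: Other Corp (TEAMID0001)
"""

# Constructed sample: no valid signature at all.
SAMPLE_NO_SIG = """\
/Applications/Loose.app: rejected
source=no usable signature
"""

_VERDICT_RE = re.compile(
    r"^(?P<path>.+?): (?P<verdict>accepted|rejected)(?: \((?P<reason>.*)\))?$"
)
_TEAM_RE = re.compile(r"\(([^()]+)\)\s*$")


def parse_spctl(output: str) -> dict:
    """Turn spctl's text into a dict: path, verdict, reason, source, origin, team_id."""
    result = {"path": None, "verdict": None, "reason": None,
              "source": None, "origin": None, "team_id": None}
    for line in output.splitlines():
        line = line.strip()
        if not line:
            continue
        m = _VERDICT_RE.match(line)
        if m and result["verdict"] is None:
            result.update(path=m["path"], verdict=m["verdict"], reason=m["reason"])
            continue
        key, _, value = line.partition("=")
        if key in ("source", "origin"):
            result[key] = value.strip()
    if result["origin"]:
        t = _TEAM_RE.search(result["origin"])
        if t:
            result["team_id"] = t.group(1)  # trailing "(TEAMID)" of the origin line
    return result


def summarize(parsed: dict) -> dict:
    """Reduce a parsed assessment to the three facts an auditor cares about."""
    src = (parsed["source"] or "").lower()
    return {
        "passes_gatekeeper": parsed["verdict"] == "accepted",
        "developer_id": "developer id" in src,
        # "Notarized Developer ID" counts; "Unnotarized Developer ID" does not.
        "notarized": src.startswith("notarized"),
        "team_id": parsed["team_id"],
    }


def assess(path: str) -> dict:
    """Run Gatekeeper's own assessment on a bundle or binary (macOS only)."""
    if shutil.which("spctl") is None:
        raise RuntimeError("spctl not found; this check only runs on macOS")
    proc = subprocess.run(["spctl", "--assess", "--type", "execute", "-vv", path],
                          capture_output=True, text=True)
    # spctl writes the assessment to stderr; merge both streams before parsing.
    return summarize(parse_spctl(proc.stdout + proc.stderr))


def audit_applications(root: str = "/Applications") -> list:
    """Return (path, summary) for every .app under root that is not notarized."""
    findings = []
    for app in sorted(Path(root).glob("*.app")):
        summary = assess(str(app))
        if not summary["notarized"]:
            findings.append((str(app), summary))
    return findings


if __name__ == "__main__":
    for sample in (SAMPLE_NOTARIZED, SAMPLE_UNNOTARIZED, SAMPLE_NO_SIG):
        print(summarize(parse_spctl(sample)))
    if shutil.which("spctl"):
        for app_path, info in audit_applications():
            print(app_path, info)
```

The point of the summary is the first key: an app that is "accepted" with source "Notarized Developer ID" is exactly the case the post describes, so a Gatekeeper pass says nothing about intent. What the audit does give you is an inventory of which team IDs your Macs trust, and a baseline to re-run once Apple revokes a certificate or notarization ticket, since the same bundle then stops being accepted.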
Wait a minute, wasn't macOS supposed to be way more secure than Windows? This is another major hack where $50 million was stolen from a crypto company. And it all started with a hack of macOS LOL. https://www.bleepingcomputer.com/ne...million-crypto-heist-to-north-korean-hackers/
Here is another hack, there is not much information about the Python-based attack, but I'm guessing it was an infostealer. Very weird that many behavior blockers don't offer "out of the box" protection against stuff. Examples of Python-based infostealers are Braodo and Blazestealer, see the second, third and fourth links for more info. https://cybernews.com/crypto/north-korean-hackers-steal-308m-crypto-posing-linkedin-recruiter/ https://fieldeffect.com/blog/unmasking-braodo-inside-the-operations-of-a-relentless-info-stealer https://www.splunk.com/en_us/blog/s...python-malware-and-its-obfuscated-loader.html https://www.darkreading.com/applica...er-python-malware-complete-takeover-developer
BTW, to clarify post number 3: these attacks were based on Windows, but it's also possible to run Python-based malware on macOS and Linux, see link. It's not known exactly which malware was used on which OS platform in this particular attack. https://unit42.paloaltonetworks.com/gleaming-pisces-applejeus-poolrat-and-pondrat/