SecurityBrief India - Technology news for CISOs & cybersecurity decision-makers
Story image
Kaspersky exposes sophisticated proxy Trojan targeting macOS systems
Thu, 14th Dec 2023

Global cybersecurity company, Kaspersky, has uncovered a sophisticated proxy Trojan designed to compromise the macOS operating system. The firm stresses that the new threat is disseminated through the distribution of cracked or pirated versions of legitimate software, thereby posing a considerable risk to users who resort to alternative means for acquiring applications.

The Trojan, experts explain, expertly disguises itself as a legitimate programme during installation. Once the Trojan infiltrates a user's system, it secretly establishes a covert proxy server. This server then allows threat actors to reroute network traffic through the compromised device, giving them indiscernible control of the system.

What sets this Trojan apart is its use of DNS-over-HTTPS (DoH) within the WindowServer file. This protocol conceals communication with the Command and Control (C&C) server, thereby ensuring the Trojan's stealth capabilities.

It also establishes a connection with the C&C server using the WebSocket protocol, which is highly unusual for proxy Trojans. Through the WebSocket protocol, the Trojan can receive real-time commands from threat actors, effectively allowing it to adapt to changing circumstances and evade detection more efficiently.

Sergey Puzan, a security researcher at Kaspersky, advises macOs users, "To safeguard against Trojans, rely on robust security software and exercise caution with downloads. Always stick to official sources, avoiding cracked software whenever possible."

Aside from macOS applications, Kaspersky researchers have also identified proxy Trojans designed for Android and Windows platforms. These versions, like their macOS counterpart, are also distributed alongside pirated software.

To counter and safeguard users from Trojans and other potential malware, Kaspersky researchers recommend several measures. These measures include:

  • Keep your main e-mail address and phone number private. A good option is to create an additional e-mail account and purchase an additional SIM card to use for online shopping and other situations that require sharing your data with strangers.
  • Its safer to download your apps only from official stores like Apple App Store, Google Play or Amazon Appstore. Apps from these markets are not 100% failsafe, but at least they get checked by shop representatives and there is some filtration system not every app can get into these stores.
  • Update your operating system and important apps as updates become available. Many safety issues can be solved by installing updated versions of software
  • Set up your social networks for better privacy. You can choose whether your profile is searchable, and whether other people can tag you, write you messages, or otherwise disturb you. If you tweak your privacy settings on any social networks you use, you wont be bothered by spammers and scammers (which abound on every social network) there.