![]() The chain of different stages has become very complex nowadays and the analysis phase takes more time, due to the malware authors’ understanding of how reverse engineering is being done, but also countering the tools we wrote to decrypt their malware. Downloads Bundlor and an unknown payloadĭeveloper ID Application: Bobbie Miller (PX3WCCP368) /SjrIEv6wcu- ConfiantIntel May 14, 2021 ![]() □□ It was delivered through malvertising. ![]() OSX/Bundlore Loader found (0 detections in VT) compiled for ARM (targeting the new M1 MacBook!), and notarized by Apple. MapperState was installed in our honeypot by OSX/Tarmac which itself was downloaded by a OSX/Bundlore loader, compatible ARM and notarized by Apple as we reported one week ago: We didn’t really choose this name as it was taken from the file name, and the C2 server this malware communicated with : mapperstatecom We found a malware we dubbed MapperState. In other words, security vendors won’t be able to see what we see, unless they scan as early as we do in the killchain. Not only do we see bad ads loading and we scan them, but we block them as well. This has to do with Confiant’s detection engine, and our unique position in the Killchain: scanning malicious ads as they load, on major publisher websites in the United States. ![]() I put “luck” between quotes, as we know when you do cyber, you don’t rely on luck to find stuff, but you look at places were most likely stuff like this is to be found. At we had some “luck” finding a new malware targeting the new Apple flagship M1 computers.
0 Comments
Leave a Reply. |