Japanese Cryptocurrency Exchange Falls Victim to JokerSpy macOS Backdoor Attack
Jun 26, 2023
Cryptocurrency / Endpoint Security
An unknown cryptocurrency exchange located in Japan was the target of a new attack earlier this month to deploy an Apple macOS backdoor called JokerSpy. Elastic Security Labs, which is monitoring the intrusion set under the name REF9134, said the attack led to the installation of Swiftbelt, a Swift-based enumeration tool inspired by an open-source utility called SeatBelt.

JokerSpy was first documented by Bitdefender last week, describing it as a sophisticated toolkit designed to breach macOS machines. Very little is known about the threat actor behind the operation other than the fact that the attacks leverage a set of programs written in Python and Swift that come with capabilities to gather data and execute arbitrary commands on compromised hosts.

A primary component of the toolkit is a self-signed multi-architecture binary known as xcc that's engineered to check for FullDiskAccess and ScreenRecording permissions. The file is signed as XPr...