HomeCyber BalkansHackers Enhance Cobalt Strike Capabilities for Targeting macOS Users

Hackers Enhance Cobalt Strike Capabilities for Targeting macOS Users

Published on

spot_img

A new Cobalt Strike implementation, called Geacon, written in Golang, has attracted the attention of cyber threat actors who are now using it to target vulnerable macOS devices. Geacon is a port of Cobalt Strike, a well-known red teaming and adversary simulation tool created by Fortra that has been misused over the years by threat actors through illegally cracked versions of the software. While Cobalt Strike has mostly targeted Windows post-exploitation activity, attacks against macOS are uncommon. Geacon first surfaced on GitHub as a promising Cobalt Strike port, but it didn’t draw much hacker interest until two forks, Geacon Plus (a free and publicly accessible version) and Geacon Pro (a private, paid version), were uploaded on GitHub by unidentified Chinese developers.

According to SentinelOne, which recently detected an increase in the number of Geacon payloads that have been detected on VirusTotal, the Geacon fork was also added to the 404 Starlink project, a public GitHub repository dedicated to red-team pen-testing tools. This addition may have contributed to the Geacon fork’s rise in popularity and attracted users with malicious intent. SentinelOne discovered two instances of Geacon deployment in VirusTotal submissions on April 5 and April 11. The first instance is an AppleScript applet file that checks if a macOS system is supported before downloading an unsigned Geacon Plus payload from a command and control server with a Chinese IP address. The downloaded file is then integrated into the Geacon binary after showing the user a two-page decoy document. The second payload is a trojanized version of the SecureLink application used for secure remote support, which includes a copy of Geacon Pro.

While it is possible that some of the activity around Geacon is legitimate red team use, researchers warn that it is also possible that genuine threat actors will make use of the public and private forks of Geacon now available to them. They advise enterprise security teams to use attack simulation tools like Cobalt Strike and Geacon to test and improve their security posture.

In summary, the rise of Geacon, a new Cobalt Strike implementation, has caught the attention of threat actors looking to target vulnerable macOS devices. SentinelOne expects this trend to continue as Geacon gains popularity among hackers. Enterprises are advised to use attack simulation tools like Cobalt Strike and Geacon to test their security posture against potential cyber attacks.

Source link

Latest articles

EU Extends Chat Control Rules to 2028

EU Moves Towards Extension of Temporary Child Protection Regulations: Privacy Concerns Emerge The European Union...

281 Android VPN Apps Expose Users to Traffic Leaks, Tracking, and Tunnel Hijacking Issues

A recent security analysis has illuminated significant privacy and security vulnerabilities within a staggering...

UNK MassTraction Aims for Partnerships with US and Canadian Universities

Targeted Cyber Attacks on U.S. and Canadian Universities: The Threat of UNK_MassTraction A newly identified...

Dell BIOS Flaw Allows Attackers to Extract Plaintext Passwords Without Brute Force

Critical Dell BIOS Vulnerability Exposed: An Urgent Security Concern A recently surfaced vulnerability in Dell's...

More like this

EU Extends Chat Control Rules to 2028

EU Moves Towards Extension of Temporary Child Protection Regulations: Privacy Concerns Emerge The European Union...

281 Android VPN Apps Expose Users to Traffic Leaks, Tracking, and Tunnel Hijacking Issues

A recent security analysis has illuminated significant privacy and security vulnerabilities within a staggering...

UNK MassTraction Aims for Partnerships with US and Canadian Universities

Targeted Cyber Attacks on U.S. and Canadian Universities: The Threat of UNK_MassTraction A newly identified...