MacSpy

MacSpy is Malware as a Service (MaaS). The malware authors claim that it is undetected by anti-viruses and it is offered with basic version for free, and in addition in a paid version more advanced features available such as:- File encryption (similar to Ransomware)- Access to emails- Official code signing for the malicious file- Webcam streaming from infected machine- Remote shell- More…

Source: CheckPoint

The website offers the malware containing lots of informative details such as how to download, how the malware should be installed, and even an “About Us” section. Below is a screenshot from the website on TOR network that advertised MacSpy as “The most sophisticated Mac spyware”:

Source: CheckPoint

MacSpy using anti-debug and anti-vm techniques in order to make its analysis harder. It creates a LaunchAgent in order to persist a system reboot.For communication it uses TOR service to send messages to its C&C. A “customer” that will buy the MacSpy service will receive credentials to a Web Portal and allow him to see the information collected from infected machines.

Links:

MacSpy: OS X RAT as a Service

Samples:
d2036f93eaa4b2ba10e42ebd260fc929c3160ba5

Share this: