Siggen is a backdoor that allows an attacker to download and execute any Python/Shell script on an infected machine. It disguises itself as a portfolio or as a WhatsApp messenger.

Source: CheckPoint


When executed, the malware downloads a plist file, which is installed on the system as a LaunchAgent so that the malware persists on the system.

Source: SentinelOne


Links:


Samples:
66ecc5d96d7fbcb54cac534a16b12e918fa0f11c