  • Japanese cryptocurrency exchange hit by JokerSpy attack

    Recently disclosed malware masquerades as the built-in antivirus in macOS.

    Unidentified hackers attacked a Japanese cryptocurrency exchange and installed JokerSpy malware on its macOS computers. This was reported by Elastic Security Labs, which tracks attackers under the code name REF9134.

    JokerSpy is a sophisticated toolkit designed to hack macOS machines. It was first described by Bitdefender last week. JokerSpy consists of several programs written in Python and Swift that allow attackers to collect data and execute arbitrary commands on infected hosts.

    One of the core components of JokerSpy is a self-signed binary called "xcc" that checks for full disk access and screen recording permissions. The file is signed as XProtectCheck, which indicates an attempt to disguise itself as XProtect, the built-in antivirus technology in macOS.

    “On June 1, a new Python tool was spotted that ran from the same directory as xcc and was used to run an open-source post-operational tool for macOS called Swiftbelt,” Elastic security researchers said.

    The attack targeted a major Japanese cryptocurrency service provider specializing in asset swaps to trade Bitcoin, Ethereum and other mainstream cryptocurrencies. The name of the company was not disclosed.

    The "xcc" binary is run with Bash through three different applications: IntelliJ IDEA, iTerm (terminal emulator for macOS), and Visual Studio Code.

    Another module installed as part of the attack is sh.py, a Python implant that is used as a conduit for delivering other post-exploitation tools such as Swiftbelt.
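
The xcc traits reported above (a self-signed binary carrying the XProtectCheck signing name, run with Bash from IntelliJ IDEA, iTerm or Visual Studio Code) can be expressed as a triage check over process-execution telemetry. This is an added example, not code from Elastic, Bitdefender or the original article; the event field names and the sample events are assumptions constructed for illustration.

```python
# Added example: triage of process-execution events for the xcc traits described above.
# The event schema (field names) is hypothetical; map it to your own EDR telemetry.

# Applications the article says launched xcc through Bash.
LAUNCHER_APPS = {"IntelliJ IDEA", "iTerm", "Visual Studio Code"}


def findings(event):
    """Return the list of reasons an execution event deserves review."""
    reasons = []
    signing_id = event.get("signing_id", "")
    apple_signed = event.get("apple_signed", False)

    # Trait 1: a signing name imitating XProtect on code Apple did not sign.
    if signing_id.lower().startswith("xprotect") and not apple_signed:
        reasons.append("xprotect-masquerade")

    # Trait 2: a self-signed binary run by bash under an IDE or terminal.
    if (event.get("parent_name") == "bash"
            and event.get("ancestor_app") in LAUNCHER_APPS
            and event.get("self_signed", False)):
        reasons.append("self-signed-child-of-dev-tool-shell")
    return reasons


def triage(events):
    """Map process path -> reasons, for events with at least one finding."""
    return {e["path"]: r for e in events if (r := findings(e))}


# Constructed sample events (paths and values are illustrative, not from the report).
SAMPLE_EVENTS = [
    {"path": "/tmp/constructed/xcc", "signing_id": "XProtectCheck",
     "apple_signed": False, "self_signed": True,
     "parent_name": "bash", "ancestor_app": "iTerm"},
    {"path": "/usr/bin/git", "signing_id": "com.apple.git",
     "apple_signed": True, "self_signed": False,
     "parent_name": "bash", "ancestor_app": "Visual Studio Code"},
    {"path": "/Users/dev/project/build/tool", "signing_id": "tool",
     "apple_signed": False, "self_signed": True,
     "parent_name": "bash", "ancestor_app": "IntelliJ IDEA"},
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_EVENTS).items():
        print(path, reasons)
```

The third sample event is an ordinary locally built developer tool: it matches the process-chain trait alone, so that trait is best treated as low-confidence unless the masquerade trait fires with it.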

    macOS users should be careful not to download suspicious files or programs from untrusted sources. It is also recommended to use a reliable antivirus and keep the system and applications up to date. This is the only way to protect your data and cryptocurrency from hackers.

    Author DeepWeb