Janicab

Janicab is an OS X trojan that relied on a valid developer ID and oblivious users to install it.[1]

ID: S0163
Type: MALWARE
Platforms: macOS
Version: 1.1
Created: 14 December 2017
Last Modified: 12 September 2024

Techniques Used

Domain | ID | Name | Use

Enterprise | T1113 | Screen Capture | Janicab captured screenshots and sent them out to a C2 server.[2][1]

Enterprise | T1123 | Audio Capture | Janicab captured audio and sent it out to a C2 server.[2][1]

Enterprise | T1053.003 | Scheduled Task/Job: Cron | Janicab used a cron job for persistence on Mac devices.[1]

Enterprise | T1553.002 | Subvert Trust Controls: Code Signing | Janicab used a valid Apple Developer ID to sign the code to get past security restrictions.[1]

References