MacSpy

MacSpy is a malware-as-a-service offered on the darkweb ^[1].

ID: S0282

ⓘ

Type: MALWARE

ⓘ

Platforms: macOS

Version: 1.1

Created: 17 October 2018

Last Modified: 30 March 2020

Techniques Used

Domain	ID		Name	Use
Enterprise	T1090	.003	代理: Multi-hop Proxy	MacSpy uses Tor for command and control.^[1]
Enterprise	T1543	.001	创建或修改系统进程: Launch Agent	MacSpy persists via a Launch Agent.^[1]
Enterprise	T1115		剪贴板数据	MacSpy can steal clipboard contents.^[1]
Enterprise	T1113		屏幕捕获	MacSpy can capture screenshots of the desktop over multiple monitors.^[1]
Enterprise	T1071	.001	应用层协议: Web Protocols	MacSpy uses HTTP for command and control.^[1]
Enterprise	T1070	.004	移除指标: File Deletion	MacSpy deletes any temporary files it creates^[2]
Enterprise	T1056	.001	输入捕获: Keylogging	MacSpy captures keystrokes.^[1]
Enterprise	T1564	.001	隐藏伪装: Hidden Files and Directories	MacSpy stores itself in `~/Library/.DS_Stores/` ^[2]
Enterprise	T1123		音频捕获	MacSpy can record the sounds from microphones on a computer.^[1]

References

Patrick Wardle. (n.d.). Mac Malware of 2017. Retrieved September 21, 2018.

PETER EWANE. (2017, June 9). MacSpy: OS X RAT as a Service. Retrieved September 21, 2018.