

Recently, researchers at Trend Micro spotted a new piece of in-the-wild macOS malware that spoofs a genuine stock market trading app to open a backdoor and run malicious code. In this post, we first give an overview of how the malware works, and then use this as an example to discuss different detection and response strategies, with a particular emphasis on explaining the principles and advantages of using behavioral detection on macOS.

Let’s begin by taking a look at the technical details of this new piece of macOS malware. Two variants were initially discovered by researchers who identified them as GMERA.A and GMERA.B. In this post, we will focus on the interesting points in a particular sample of GMERA.B that pertain to detection and response.

As with the GMERA.A variant, the malware comes in a macOS application bundle named “Stockfoli.app”. Despite having been on VirusTotal for 9 days already, and despite the initial Trend Micro research having hit the news 5 days ago, this particular sample remains undetected by reputation engines on the VT site as of today. Our sample, which was not analyzed in the previous research, is:

d2eaeca25dd996e4f34984a0acdc4c2a1dfa3bacf2594802ad20150d52d23d68
