Upon execution, the EggShell backdoor ensures persistence on the infected computer by dropping a LaunchAgent. tag that contains only one command – mdbcmd, that helps to perform a reverse shell attack. This attack type is so called because, in such a scenario, the target machine is the one that initiates the connection with the attacker. The malicious script is made to create a hidden file called. Since the Run Script panel needs to be manually expanded by whoever inspects the project, the code can easily be overlooked. The obfuscated malicious script is reportedly hidden in the Build Phases tab. One instance of an open-source project available on GitHub and infected with the malware is called TabBarInteraction. The malware itself leverages a built-in feature of Apple's IDE that allows running a custom shell script when an instance of the target app is launched. The obfuscated malicious script can only be noticed in the Run Script module.
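Because the script only shows up once the Run Script panel is expanded, a reviewer can instead read it straight from the project's `project.pbxproj` file, where each Run Script phase is stored as a `PBXShellScriptBuildPhase` object with a `shellScript` string. The following is an added example, not code from the original post or from any vendor: it lists every such script and flags ones worth a manual look. The heuristics, the sample project text, the object IDs and the file name `.example_cache` are assumptions constructed for illustration.

```python
import re
import sys

# One Run Script phase object; captures the quoted (or bare) shellScript value.
PHASE_RE = re.compile(
    r'isa = PBXShellScriptBuildPhase;.*?'
    r'shellScript = (?:"((?:[^"\\]|\\.)*)"|([^;"]*));',
    re.DOTALL,
)
# Review heuristics picked for this example (assumptions, not published IoCs).
HEURISTICS = {
    "decodes or evals data": re.compile(r"\b(eval|base64|xxd|openssl)\b"),
    "network or socket use": re.compile(r"/dev/tcp/|\b(curl|wget|nc|ncat)\b"),
    "references a hidden path": re.compile(r"(^|[\s/>])\.[A-Za-z_][\w.-]*"),
    "long encoded run": re.compile(r"[A-Za-z0-9+/=]{60,}"),
}

def unescape(value):
    """Undo pbxproj backslash escaping in a quoted string value."""
    table = {"n": "\n", "t": "\t"}
    return re.sub(r"\\(.)", lambda m: table.get(m.group(1), m.group(1)),
                  value, flags=re.DOTALL)

def scan_pbxproj(text):
    """Return [(script, [reasons])] for every Run Script phase in the text."""
    findings = []
    for m in PHASE_RE.finditer(text):
        script = unescape(m.group(1) if m.group(1) is not None else m.group(2))
        reasons = [n for n, rx in HEURISTICS.items() if rx.search(script)]
        findings.append((script, reasons))
    return findings

# Constructed sample: one ordinary lint phase, one harmless phase built to trip
# the heuristics. Object IDs and file names are made up.
SAMPLE = r'''
		AA0000000000000000000001 /* Lint */ = {
			isa = PBXShellScriptBuildPhase;
			shellPath = /bin/sh;
			shellScript = "if which swiftlint >/dev/null; then\n  swiftlint\nfi\n";
		};
		AA0000000000000000000002 /* ShellScript */ = {
			isa = PBXShellScriptBuildPhase;
			shellPath = /bin/sh;
			shellScript = "echo \"''' + "A" * 64 + r'''\" | base64 -D > \"$HOME/.example_cache\"\n";
		};
'''

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    for script, reasons in scan_pbxproj(text):
        print("REVIEW" if reasons else "ok    ", reasons, repr(script[:60]))
```

Run it with the path to a cloned project's `project.pbxproj` before opening the project in Xcode; a flag means the script should be read in full, not that it is malicious.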