Nov 14, 2024
Hackers use macOS extended file attributes to hide malicious code
Posted by Saúl Morales Rodriguéz in category: cybercrime/malcode
Hackers are using a novel technique that abuses extended attributes for macOS files to deliver a new trojan that researchers call RustyAttr.
The threat actor is hiding malicious code in custom file metadata and also uses decoy PDF documents to help evade detection.
The technique resembles the one the Bundlore adware used in 2020, when it hid its macOS payloads in resource forks. Researchers at cybersecurity company Group-IB discovered it in a few malware samples in the wild.
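As an added triage example (not code from the article or from Group-IB), the script below flags files whose extended attributes look like hidden payloads rather than the metadata macOS normally writes. The list of expected attribute prefixes, the content markers and the size threshold are my own heuristics, and the collector assumes the macOS `xattr` tool prints one name per line and hex bytes for `xattr -px`.

```python
# Added example: heuristic scan of macOS extended attributes for hidden code.
# Heuristics, prefixes and thresholds are assumptions, not indicators from the article.
import subprocess
import sys

# Attribute names macOS itself commonly writes (prefix match). Anything else is
# treated as a custom attribute and reported for closer inspection.
EXPECTED_PREFIXES = (
    "com.apple.quarantine",
    "com.apple.FinderInfo",
    "com.apple.ResourceFork",
    "com.apple.metadata:",
    "com.apple.lastuseddate#PS",
    "com.apple.provenance",
)
# Byte patterns that suggest executable content rather than metadata:
# a shebang, Mach-O thin/fat magic, or an interpreter reference.
CODE_MARKERS = (b"#!", b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe", b"osascript", b"/bin/sh")
SIZE_LIMIT = 4096  # bytes; ordinary metadata is far smaller than a payload

def assess_xattrs(attrs):
    """Return a list of (attribute, reason) findings for one file's xattrs (name -> bytes)."""
    findings = []
    for name, value in attrs.items():
        if not name.startswith(EXPECTED_PREFIXES):
            findings.append((name, "non-standard attribute name"))
        if any(marker in value for marker in CODE_MARKERS):
            findings.append((name, "value contains script/binary marker"))
        if len(value) > SIZE_LIMIT:
            findings.append((name, f"value is {len(value)} bytes"))
    return findings

def read_xattrs(path):
    """Collect name -> raw value for a file using the macOS `xattr` tool (assumed output format)."""
    listing = subprocess.run(["xattr", path], capture_output=True, text=True, check=True).stdout
    attrs = {}
    for name in listing.splitlines():
        hexdump = subprocess.run(["xattr", "-px", name, path],
                                 capture_output=True, text=True, check=True).stdout
        attrs[name] = bytes.fromhex("".join(hexdump.split()))
    return attrs

if __name__ == "__main__":
    for path in sys.argv[1:]:
        for attr, reason in assess_xattrs(read_xattrs(path)):
            print(f"{path}: {attr}: {reason}")
```

Run it as `python3 scan_xattrs.py suspicious.pdf` on a macOS host; a clean document with only quarantine and Spotlight metadata produces no findings.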