
LaoShu

Posted: February 20, 2020

LaoShu is a Remote Access Trojan or RAT that lets attackers control the PC through system commands. The Trojan is compatible with macOS operating systems and, historically, focuses on exfiltrating information in the same fashion as spyware. Users can block or remove LaoShu through traditional anti-malware products and should prioritize changing passwords for admin-level accounts afterward.

Remote Administrative Attacks with Years of Mac Experience

With attacks going back to 2014, one wouldn't expect a Trojan this old to still be relevant in 2020, let alone on a less widely used operating system. LaoShu is the 'proud' owner of both characteristics. This Remote Access Trojan attacks Mac users, collects their information, and takes whatever control over their computers it can get.

E-mail is a conventional infection route for LaoShu, with criminals sometimes going so far as to disguise the program's nature with signed digital certificates. Like the backdoor Trojan family xHunt or the data-thieving Gootkit, it also can disguise itself with fake shipping notifications and obscured links that make it seem benign. Some targeted attacks against valuable victims also include personalized information, such as phone numbers, employee names and industry references.

LaoShu can, like any proper RAT, process system commands that it retrieves from a remote C&C server, such as opening, deleting, or moving files. It also may download files and, through this feature, install other threats besides itself, such as dedicated spyware modules for collecting specialized data. These features are relatively unremarkable in comparison to its file-collecting function, which searches for files with particular extensions such as DOC, bundles them into a ZIP archive, and uploads them to the criminals' server.

Taking a Remote Manager Out of Your PC

Although collecting information and exerting admin control over a PC are hardly unrelated activities, many RATs with structural similarities to LaoShu prefer lower-level campaigns that run in a semi-automated fashion. For example, a RAT might install adware like Deal2Deal to make money off of ad traffic, or a cryptocurrency miner like Skidmap. LaoShu's use of its access to the PC for exfiltrating data makes it particularly threatening to businesses, governments, and NGOs with highly sensitive content on their servers.

Well-publicized LaoShu campaigns are notable for their elaborate PDF document disguises. However, there's nothing preventing attackers from abusing different exploits and misleading appearances in the future. Mac users should remain diligent about examining the contents of Web links and files before interacting with them and take notice of telltale signs of danger, such as hidden URLs.

Victims of LaoShu infections should delete LaoShu or quarantine it through compatible anti-malware services as soon as possible. Passwords, address book entries, and other sensitive data also can be at risk whenever attacks are not resolved immediately.

Being a Mac user comes with many advantages, but immunity to the Black Hat software industry isn't among them. Trojans, while also Windows and Linux hazards, are hardly unseen in the macOS threat landscape, as everyone should remember.
