
OSX.Casso

Posted: August 3, 2020

macOS systems have become increasingly popular over the past decade, which has prompted many cybercriminals to look for malware or vulnerabilities that work with Mac-based systems. Sadly, Mac computers are not the impossible-to-hack devices they were once considered to be, and nowadays there are plenty of malware families that target macOS systems exclusively. One such family is OSX.Casso, a backdoor Trojan whose development and usage are attributed to the Lazarus APT group, a cybercrime organization believed to be operating from within North Korea.

The OSX.Casso backdoor is very small in terms of file size – malware researchers have analyzed active samples of the malware and report that just 32KB of the file is responsible for the threatening activity it exhibits. However, its authors have bloated the file size artificially by adding junk code and content that may throw off automatic malware detection tools.

The Newly Spotted OSX.Casso Mac Backdoor Was Already Employed in Several Attacks

In terms of functionality, OSX.Casso is rather limited, mainly due to the strong security measures that macOS has in place. Despite this, the implant is still able to load a remote shell on the compromised host, which enables the remote attacker to execute commands and code. Thanks to this unauthorized access, the OSX.Casso payload may be used to gather system information, access and read files, and manage running processes or services.

While the OSX.Casso backdoor is certainly not as threatening and functional as some of the most popular Windows Trojans, it is not a threat that should be underestimated. Mac users should make sure to keep their systems protected by a reliable and up-to-date Mac anti-virus solution.
