
Tarmac

Posted: October 14, 2019

Apple devices continue to be a frequent target of cybercriminals, and Mac-compatible malware is becoming a more common occurrence with each passing year. Earlier in 2019, malware researchers identified a new piece of Mac malware that goes by the name 'Shlayer Trojan.' The purpose of this threat seemed to be to work as a downloader for more prominent malware families, but researchers were unable to identify the secondary payload that the Shlayer Trojan delivers. However, a recent sample of the Shlayer Trojan has changed this – the sample appeared to deliver a secondary payload that cybersecurity experts have dubbed Tarmac. Unfortunately, it is still not clear what purposes the Tarmac malware serves, and the reason for this is rather surprising.

Usually, security researchers need to observe newly discovered malware's actions to determine its functionality and purpose. This is not possible in the case of the Tarmac malware, because the Command & Control servers it needs to work with are offline – the threat can neither retrieve commands nor report meaningful details back to its operators. The only significant trait of the Tarmac malware that researchers were able to identify was its ability to collect hardware and system information from the infected host. All reconnaissance information is supposed to be transferred to one of Tarmac's Command & Control servers, but, as mentioned above, the infrastructure behind the malware is offline.

The Well-Known Shlayer Trojan Is Used to Deliver Tarmac as a Second-Stage Payload

The Shlayer Trojan downloader and the Tarmac malware appear to always arrive together, and they are being spread via malvertising campaigns that redirect users to shady websites offering fake updates for popular Adobe products. Users who fall for the social engineering tricks used by the threat's operators may end up downloading a harmful file that delivers the Shlayer Trojan to their computers. If the Shlayer Trojan runs successfully, it will attempt to deploy the Tarmac malware on the compromised host. So far, all malvertising campaigns linked to the Shlayer + Tarmac combination have targeted users in Japan, the United States and Italy.

Although Tarmac's abilities are not yet known, this threat should not be underestimated – second-stage payloads are almost always high-profile threats, and it would be a surprise if the Tarmac malware did not fit this profile too. It is important to ensure your Mac device's security by using a reputable anti-virus tool.
