
XAgentOSX RAT

Posted: September 3, 2020

The XAgentOSX RAT is a Remote Access Trojan that provides attackers with control over infected macOS systems and is the apparent cross-OS counterpart of Sednit. Through this tool, hackers can access information, including passwords, and issue commands for harmful system changes. Users should have anti-malware protection compatible with macOS for removing the XAgentOSX RAT as soon as possible.

Backdoors with an Eye on Operating System Compatibility

The wide-ranging Sofacy group of hackers is long-established as competent with multiple tools for spying on PCs, with many of its forays targeting Windows environments. The XAgentOSX RAT represents an exception, although it seems little more than the direct macOS equivalent of the previous Sednit RAT. Like it, the Trojan's purpose is collecting data and giving long-term control of the infected system over to attackers, while leaving the user none the wiser.

The XAgentOSX RAT uses still-unknown distribution methods, although it's noteworthy that its C&C infrastructure implies a domain-sharing relationship with past attacks against US political entities. Its way of organizing and contacting Web addresses is also highly similar to that of older Sednit or Sofacy backdoor Trojans. Drive-by-download exploits used by the latter include both supply-chain compromises of legitimate websites and corrupted e-mail attachments.

Unlike a conventional Sednit sample, the XAgentOSX RAT targets macOS environments with features that readers also might recognize from other backdoor Trojans. It can execute system commands from an attacker, harvest intelligence such as the list of active processes, upload or download files, delete or execute files, and use a built-in FTP feature for data transfers. For information theft, malware analysts also point in particular to the XAgentOSX RAT's screen-grabbing and keylogging features, which record visible screen content and the user's keystrokes.

The threat also shows exceptional interest in collecting passwords from the Firefox browser, with a feature specifically for that purpose.

Watching RATs Scurry Towards Other Devices

As much of an issue as the XAgentOSX RAT presents to an Apple computer's security and privacy, a Sofacy threat actor's interests don't stop there. Besides the usual focus on compromising Windows systems as well, hackers may use the XAgentOSX RAT to determine whether the infected Mac has backup relationships with iOS peripheral devices. Such a feature makes it clear that the XAgentOSX RAT is part of an overarching series of attacks aimed at breaching entire networks and related hardware, rather than just individual computers.

The XAgentOSX RAT's deployment may relate to attempted espionage against multinational businesses, government entities, or even NGOs. Workers may consider concentrating on e-mail security protocols to identify and counter any possible attacks before an infection occurs. Phishing lures associated with the XAgentOSX RAT may be custom-tailored to world news, industry events, or employee- and workplace-specific communications.

Anti-malware solutions compatible with macOS systems should remove the XAgentOSX RAT as a threat or identify most Trojan droppers and drive-by-download exploits.

Alongside spin-offs like Zebrocy Go or the threat-delivering GAMEFISH, the XAgentOSX RAT is a powerful addition to enterprising criminals' toolkits. Those who take their brand of OS as a signal of immunity to the same problems that Windows users know all too well might find themselves in more trouble than they would think.
