Bitdefender is warning of a recently discovered Trojan called "JokerSpy" that poses a potential threat to Macs as well as Windows and Linux systems. This cross-platform backdoor has so far evaded detection by most antivirus products, which makes its stealth a particular concern. Only limited information about the malware is available at present, but a deeper analysis of the components found on an infected Mac points to a more intricate, targeted attack aimed specifically at macOS. The security researchers have not yet published further details.

Designed for Intel and ARM Macs

Among other things, the malware relies on a generic backdoor written in Python, according to the analysis. This component first identifies the operating system it is running on; a second component, "sh.py", contacts a command-and-control server and receives further commands from it.

According to the report, the third component receives two Mach-O files, built for Intel Macs as well as for the newer ARM Macs with Apple silicon. The developers reportedly also used Swift and are targeting current macOS versions from macOS 12 Monterey onwards. The main task of these binaries, the security researchers explain, is to check permissions before a further spyware component is deployed: for example, they test whether the process has Full Disk Access, permission to control the computer via Accessibility, and Screen Recording permission. The ultimate goal is probably to capture screenshots of the whole screen or of the window currently in the foreground.
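The three permissions the researchers mention (Full Disk Access, Accessibility and Screen Recording) are recorded in macOS's TCC database, so a defender can audit which clients currently hold them. The following Python script is an added example written for this article; it is not Bitdefender's tooling and not part of the malware analysis. It opens a TCC.db read-only, lists every client granted one of the three services, and flags clients that are not on an allowlist. The helper names are hypothetical, the `access` table is reduced to the four columns the audit needs (the real table has many more), and the sample rows are constructed; the service identifiers, the allowed `auth_value` of 2 and the two database paths are the real macOS values.

```python
"""Audit TCC grants for the three permissions a screenshot-capable spyware
component needs. Example code for this article, not Bitdefender's tooling;
helper names are hypothetical and the sample database is constructed."""
import os
import sqlite3

# Real TCC service identifiers as stored in TCC.db
SENSITIVE_SERVICES = {
    "kTCCServiceScreenCapture": "Screen Recording",
    "kTCCServiceAccessibility": "Accessibility (control the computer)",
    "kTCCServiceSystemPolicyAllFiles": "Full Disk Access",
}
AUTH_ALLOWED = 2  # auth_value meaning "allowed" in the access table

# Real on-disk locations. Reading the system DB itself requires Full Disk Access.
SYSTEM_TCC_DB = "/Library/Application Support/com.apple.TCC/TCC.db"
USER_TCC_DB = "~/Library/Application Support/com.apple.TCC/TCC.db"


def open_tcc_readonly(path):
    """Open a TCC database without taking a write lock (hypothetical helper)."""
    return sqlite3.connect(f"file:{os.path.expanduser(path)}?mode=ro", uri=True)


def sensitive_grants(conn):
    """Return (service, client, client_type) rows that are currently allowed
    for one of the sensitive services, in deterministic order."""
    placeholders = ",".join("?" * len(SENSITIVE_SERVICES))
    return conn.execute(
        "SELECT service, client, client_type FROM access "
        f"WHERE auth_value = ? AND service IN ({placeholders}) "
        "ORDER BY service, client",
        (AUTH_ALLOWED, *SENSITIVE_SERVICES),
    ).fetchall()


def unexpected_grants(conn, allowlist):
    """Flag allowed grants whose client (bundle id or path) is not on the allowlist."""
    return [(svc, client) for svc, client, _ in sensitive_grants(conn)
            if client not in allowlist]


def build_sample_db():
    """Constructed in-memory TCC.db with a simplified access table.
    client_type 0 = bundle identifier, 1 = absolute path."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE access (service TEXT, client TEXT, "
                 "client_type INTEGER, auth_value INTEGER)")
    rows = [
        ("kTCCServiceScreenCapture", "us.zoom.xos", 0, 2),                    # expected app
        ("kTCCServiceAccessibility", "com.example.launcher", 0, 0),           # denied: not reported
        ("kTCCServiceScreenCapture", "/Users/alice/.local/bin/xcc", 1, 2),    # constructed, unexpected
        ("kTCCServiceSystemPolicyAllFiles", "/usr/local/bin/python3", 1, 2),  # interpreter with FDA
        ("kTCCServiceCamera", "com.example.chat", 0, 2),                      # service not audited
    ]
    conn.executemany("INSERT INTO access VALUES (?,?,?,?)", rows)
    conn.commit()
    return conn


def run_sample_audit():
    """Audit the constructed database against a small allowlist."""
    return unexpected_grants(build_sample_db(), {"us.zoom.xos"})


if __name__ == "__main__":
    # Replace build_sample_db() with open_tcc_readonly(SYSTEM_TCC_DB) on a real host.
    for svc, client in run_sample_audit():
        print(f"[{SENSITIVE_SERVICES[svc]}] unexpected grant: {client}")
```

On a real host the same two functions are run against `open_tcc_readonly(SYSTEM_TCC_DB)` and the user database; a script interpreter or a binary under a home directory holding Screen Recording or Full Disk Access is the kind of finding worth a closer look, since the components described above test for exactly these grants before the next stage runs.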

Evidence of more complex malware toolkit

According to Bitdefender, the identified components appear to be part of a sophisticated malware toolkit; the analysis is incomplete, however, because certain crucial elements have not yet been identified. It therefore remains unclear whether the malware has been deployed selectively or on a large scale, and by which distribution methods. Bitdefender acknowledges that further investigation is needed to fill these gaps.
