macOS Users Beware! The HZ RAT Spyware Targeting DingTalk and WeChat Exposed


With the rapid development of information technology, network security problems are becoming increasingly prominent, and malware attacks aimed at enterprise communication tools in particular are emerging as a new class of security challenge. Recently, Kaspersky Lab released a report revealing that a new piece of malware called HZ RAT is conducting large-scale espionage against DingTalk and WeChat users on the macOS platform. The news quickly drew wide attention across the industry.

HZ RAT is backdoor malware first discovered by the German cybersecurity company DCSO in November 2022. It is mainly spread through self-extracting zip archives or malicious RTF documents; the latter exploit a vulnerability (CVE-2017-11882) that has existed in Microsoft Office for many years. Beyond the traditional Windows platform, the developers of HZ RAT have clearly not overlooked the growing macOS user base: they built a version specifically for macOS, allowing the malware to operate across different operating systems.

According to Kaspersky researcher Sergey Puzan, the macOS version of HZ RAT is functionally similar to the Windows version. The difference is that it receives its instructions through shell scripts issued by a remote server. In practice this means that whether the victim runs Windows or macOS, once infected with HZ RAT the attacker can remotely control the device through a command-and-control (C2) server. HZ RAT can perform a series of dangerous operations, including but not limited to executing PowerShell commands, writing arbitrary files, uploading files to the server, and periodically sending heartbeat messages to confirm the status of the target device. These capabilities make HZ RAT well suited to credential theft and system reconnaissance.

It is worth noting that one of the distribution methods of the macOS version of HZ RAT is to masquerade as the installer of a legitimate application, such as OpenVPN Connect. Once a user installs the disguised package, the malware establishes a connection to the C2 server and begins carrying out its malicious tasks. Worryingly, HZ RAT can not only extract sensitive information such as the WeChat ID, email address, and phone number from DingTalk and WeChat, but can also gather further information about the user's organization.
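The heartbeat behaviour described above is one of the more detectable traits of a backdoor like this: a process that calls the same C2 address at a near-constant interval stands out against ordinary, bursty user traffic. The following script is an added example, not code from the report or from Kaspersky; it parses a constructed outbound-connection log (the process names, IPs and timestamps are invented) and flags (process, destination) pairs whose connection intervals show very little jitter. The log line format and the thresholds are assumptions for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone
from statistics import mean, pstdev

# Constructed sample outbound-connection log (not real telemetry; process names,
# PIDs and destination addresses are invented for this example).
SAMPLE_LOG = """\
2024-08-28T10:00:00Z proc=openvpn_connect pid=4021 dst=203.0.113.10:443
2024-08-28T10:00:12Z proc=firefox pid=880 dst=198.51.100.7:443
2024-08-28T10:00:47Z proc=firefox pid=880 dst=198.51.100.7:443
2024-08-28T10:01:00Z proc=openvpn_connect pid=4021 dst=203.0.113.10:443
2024-08-28T10:02:00Z proc=openvpn_connect pid=4021 dst=203.0.113.10:443
2024-08-28T10:03:00Z proc=openvpn_connect pid=4021 dst=203.0.113.10:443
2024-08-28T10:03:05Z proc=firefox pid=880 dst=198.51.100.7:443
2024-08-28T10:04:00Z proc=openvpn_connect pid=4021 dst=203.0.113.10:443
2024-08-28T10:04:40Z proc=firefox pid=880 dst=198.51.100.7:443
2024-08-28T10:05:00Z proc=openvpn_connect pid=4021 dst=203.0.113.10:443
2024-08-28T10:05:01Z proc=firefox pid=880 dst=198.51.100.7:443
2024-08-28T10:06:00Z proc=updater pid=77 dst=192.0.2.9:443
2024-08-28T10:07:00Z proc=updater pid=77 dst=192.0.2.9:443
"""

# Assumed log line layout: "<ISO-8601 UTC timestamp> proc=<name> pid=<n> dst=<ip:port>"
LINE_RE = re.compile(r"^(\S+) proc=(\S+) pid=(\d+) dst=(\S+)$")


def parse_log(text):
    """Yield (timestamp, process, destination) tuples, skipping malformed lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        yield ts.replace(tzinfo=timezone.utc), m.group(2), m.group(4)


def find_beacons(text, min_connections=5, max_jitter=0.1):
    """Return (process, destination, mean_interval_s, jitter) for regular callers.

    jitter is the coefficient of variation (stdev / mean) of the gaps between
    consecutive connections; a heartbeat fired on a timer sits close to 0,
    while human-driven traffic is far more irregular.
    """
    by_pair = defaultdict(list)
    for ts, proc, dst in parse_log(text):
        by_pair[(proc, dst)].append(ts)

    hits = []
    for (proc, dst), stamps in by_pair.items():
        if len(stamps) < min_connections:   # too few samples to judge regularity
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:                        # identical timestamps; not a timer
            continue
        jitter = pstdev(gaps) / avg
        if jitter <= max_jitter:
            hits.append((proc, dst, avg, jitter))
    return hits


if __name__ == "__main__":
    for proc, dst, avg, jitter in find_beacons(SAMPLE_LOG):
        print(f"possible beacon: {proc} -> {dst} every {avg:.0f}s (jitter {jitter:.2f})")
```

On the sample data only the fake `openvpn_connect` process is reported (six connections exactly 60 s apart), while the browser traffic to its destination is dropped by the jitter threshold and the updater is dropped by the minimum-sample rule. In a real deployment the thresholds need tuning, since legitimate agents also poll on timers; the value of the check is in surfacing timer-driven traffic from a process that has no business doing it, which is then triaged against the binary's origin and signature.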

The emergence of the macOS version of HZ RAT shows that the attackers behind it remain active and continue to evolve their methods. Although the malware's main goal currently appears to be collecting user data, its lateral movement capabilities mean that future threats may become more complex and dangerous.

At the same time, this espionage campaign against macOS users has once again raised questions of trust in network security products. Looking back, the U.S. government once placed the products of the Russian cybersecurity giant Kaspersky Lab on its list of banned sales on national security grounds. Now similar concerns appear to be gathering around Chinese cybersecurity companies. At the beginning of 2024, the U.S. Department of Commerce announced that it had added the Chinese cybersecurity firm Knownsec to its Entity List, restricting its business activities in the U.S. market. This measure is another blow to the global cybersecurity landscape: it not only affects the international business of the companies involved but also sparks wide discussion about technological autonomy and information security assurance.

Whether it is the ongoing threat of HZ RAT or the friction produced by international technological competition, both remind us of the importance of network security and the complex situation it faces. Confronted with evolving network threats, enterprises and individuals should be more vigilant and strengthen their own protective measures. At the same time, governments and enterprises in all countries need to strengthen cooperation to jointly build a more solid line of network defense and ensure the security and stability of the information age.
