Jamf Threat Labs has released a new report on “DigitStealer,” a sophisticated macOS infostealer that uses advanced hardware checks and multi-stage attacks to evade detection and steal sensitive data.
In the report, Jamf Threat Labs notes that the malware sample masquerades as DynamicLake, a legitimate macOS utility used to customize the Mac interface. To evade detection, the threat actor hosts its infrastructure on typosquatted domain names that closely resemble legitimate ones, so that network indicators are less likely to be flagged during manual review by security teams.
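The report does not publish the lookalike domains, so the following is an added illustration rather than Jamf's own detection logic: a small Python checker that compares observed hostnames against an allowlist of legitimate domains, folding common digit-for-letter and Unicode homoglyph substitutions and applying an edit-distance threshold, which is the kind of automated check that catches what a tired human reviewer misses. All domains below use the reserved `.example` TLD and are constructed for this example; they are not indicators from the DigitStealer report.

```python
"""Flag typosquatted / lookalike hostnames against a short allowlist.

Added example for this article; not code from the Jamf report. All domains
here are constructed (reserved .example TLD), not real indicators.
"""
import unicodedata

# Visually similar substitutions that typosquatters commonly use.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

# Constructed allowlist of the vendor's genuine domains (hypothetical).
ALLOWLIST = ["dynamiclake.example"]


def normalize(hostname: str) -> str:
    """Lowercase, drop non-ASCII confusables, and fold common homoglyphs."""
    folded = (unicodedata.normalize("NFKD", hostname.lower())
              .encode("ascii", "ignore").decode())
    for src, dst in HOMOGLYPHS.items():
        folded = folded.replace(src, dst)
    return folded


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert / delete / substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete
                           cur[j - 1] + 1,         # insert
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def registrable(hostname: str) -> str:
    """Naive registrable domain: last two labels (no public-suffix list)."""
    parts = hostname.strip(".").lower().split(".")
    return ".".join(parts[-2:])


def classify(hostname: str, allowlist=ALLOWLIST, max_distance: int = 2) -> str:
    """Return one of: legitimate, homoglyph, lookalike, brand-embedded, unrelated."""
    raw = registrable(hostname)
    cand = normalize(raw)
    cand_label = cand.split(".")[0]
    full_norm = normalize(hostname)
    for legit in allowlist:
        raw_legit = registrable(legit)
        norm_legit = normalize(raw_legit)
        legit_label = norm_legit.split(".")[0]
        if raw == raw_legit:
            return "legitimate"          # exact match (any subdomain of it)
        if cand == norm_legit:
            return "homoglyph"           # identical only after folding 1->l, 0->o ...
        if levenshtein(cand_label, legit_label) <= max_distance:
            return "lookalike"           # typo, added/missing letter, TLD swap
        if legit_label in full_norm:
            return "brand-embedded"      # brand name buried in a longer host
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample hostnames as they might appear in proxy/DNS logs.
    for host in ["www.dynamiclake.example", "dynamic1ake.example",
                 "dynamiclakes.example", "dynamiclake-installer.example",
                 "dynamiclake.example.evil.example", "apple.com"]:
        print(f"{host:40} -> {classify(host)}")
```

The `.example` TLD and the vendor allowlist are placeholders; in practice the allowlist would be the vendor's real domains and `registrable()` should use a public-suffix list rather than the last two labels. The distance threshold of 2 is a tuning choice: raise it and short brand names start matching unrelated domains, lower it and single-character swaps combined with a TLD change slip through.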
From the report: It serves as another reminder that malware authors are abusing legitimate services and distribution methods to bypass macOS security controls and improve their chances of success. While static detection remains valuable, pairing it with behavioral detection is essential to catch the signs of infostealer activity in real time. Many of these payloads execute entirely in memory and leave little to no trace on disk.
We recommend customers ensure that threat prevention and advanced threat controls are enabled and set to blocking mode in Jamf Protect to stay protected against these latest infostealer variants.
Article provided with permission from AppleWorld.Today