Japanese Cryptocurrency Exchange Falls Victim to Backdoor Attack
In a recent incident, a Japanese cryptocurrency exchange became the target of a sophisticated attack that used a newly discovered Apple macOS backdoor named JokerSpy. The intrusion, carried out by an unidentified threat actor group tracked as REF9134, led to the deployment of a Swift-based enumeration tool called Swiftbelt. Elastic Security Labs, which observed and analysed the intrusion, has published details of the breach, highlighting the capabilities and implications of the JokerSpy backdoor.
The JokerSpy Backdoor: A Stealthy macOS Threat
The Bitdefender research team recently uncovered the JokerSpy macOS backdoor, which is regarded as a highly sophisticated toolkit designed to compromise macOS machines. The attack involves the use of Python and Swift programs that enable the collection of sensitive data and the execution of arbitrary commands on compromised hosts.
Swiftbelt: An Enumeration Tool Inspired by SeatBelt
Elastic Security Labs identified Swiftbelt during its investigation of the JokerSpy attack. Swiftbelt is a Swift-based enumeration tool that takes inspiration from an open-source utility called SeatBelt. This tool helps the…