Dissecting the APT28 Mac OS X Payload whitepaper available

Ever since the emergence in 2007 of the APT28 group, Bitdefender has become familiar with the backdoors used to compromise Windows and Linux targets, such as Coreshell, Jhuhugit and Azzy for the former OS or Fysbis for the latter.

Earlier this month, we have been able to finally isolate the Mac OS X counterpart – the XAgent modular backdoor that was supposeldy delivered via a known dropper associated with the act (the Komplex downloader).

The whitepaper we have prepared will walk you through the inner workings of the XAgent backdoor from its initialization stage to the exfiltration of stolen data. Chapter E is a detailed breakdown of the modules that comprise one of the most advanced threats targeting the Mac operating system to date.

You can download the whitepaper from the Industry Reports section on the Bitdefender website.

Download the whitepaper now

About the author


Bogdan Botezatu is living his second childhood at Bitdefender as director of threat research. When he is not documenting sophisticated strains of malware or planning removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.

Add Comment

Click here to post a comment