Whitepapers

Dissecting the APT28 Mac OS X Payload whitepaper available

Ever since the emergence in 2007 of the APT28 group, Bitdefender has become familiar with the backdoors used to compromise Windows and Linux targets, such as Coreshell, Jhuhugit and Azzy for the former OS or Fysbis for the latter.

Earlier this month, we have been able to finally isolate the Mac OS X counterpart – the XAgent modular backdoor that was supposeldy delivered via a known dropper associated with the act (the Komplex downloader).

The whitepaper we have prepared will walk you through the inner workings of the XAgent backdoor from its initialization stage to the exfiltration of stolen data. Chapter E is a detailed breakdown of the modules that comprise one of the most advanced threats targeting the Mac operating system to date.

You can download the whitepaper from the Industry Reports section on the Bitdefender website.

Dissecting the APT28 Mac OS X Payload (2069 downloads)

About the author

Bogdan BOTEZATU

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.