Blog

Nov 14, 2024

Hackers use macOS extended file attributes to hide malicious code

Posted by in category: cybercrime/malcode

Hackers are using a novel technique that abuses extended attributes for macOS files to deliver a new trojan that researchers call RustyAttr.

The threat actor is hiding malicious code in custom file metadata and also uses decoy PDF documents to help evade detection.

The new technique is similar to how the Bundlore adware in 2020 hid its payloads in resource forks to hide payloads for macOS. It was discovered in a few malware samples in the wild by researchers at cybersecurity company Group-IB.

Leave a reply