Threat actors abuse meeting software applications and tools to exploit weak security controls, infiltrate otherwise well-protected organizations, steal highly confidential information, and disrupt business operations.
Recorded Future’s Insikt Group has recently unveiled a long-running campaign aimed at macOS cryptocurrency users, conducted by the “markopolo” threat actor.
The purported virtual meeting software is Vortax, a carrier for three potent infostealers: Rhadamanthys, Stealc, and Atomic macOS Stealer (AMOS).
This activity points to an alarming increase in AMOS attacks and malicious apps that put macOS users at risk.
This large-scale attack demonstrates that the threat actor operates various malicious apps. The campaign is attributed to a threat actor known as “markopolo,” previously linked to infostealer campaigns targeting Web3 gaming projects.
Weaponized Vortax Meeting Software
This trojanized version of Vortax is primarily distributed through social media, where it is advertised as legitimate software.
Users are lured into downloading the application via phishing links and direct messages containing unique “Room IDs.” These Room IDs, when entered on the Vortax website, redirect users to download links that install the malware.
A previous campaign targeting Web3 gaming has been linked to the same actor through shared hosting and C2 infrastructure, suggesting the operator can pivot quickly once detected.
This extensive credential harvesting operation indicates that markopolo could be an initial access broker or dark web “log vendor” on platforms such as Russian Market and 2easy Shop.
According to Recorded Future, “analysis of the Vortax installers on Windows and macOS indicates that Vortax App Setup.exe and VortaxSetup.dmg deliver Rhadamanthys and Stealc, or AMOS, respectively.”
The broad effort to gather credentials illustrates how rapidly modern cyber threats can shift and expand onto platforms such as macOS as demand increases.
For macOS, organizations need to improve their security posture by deploying strong monitoring and mitigation strategies that provide protection against these nimble and devastating attacks aimed at their digital ecosystem.
Mitigations
The recommended mitigations are:
- Ensure AMOS detection systems are regularly updated to prevent infections.
- Educate users on the risks of downloading unapproved software, especially from social media and search.
- Implement strict security controls to prevent unlicensed software downloads.
- Encourage reporting of suspicious activities encountered on social platforms.
- Use robust intelligence to identify and mitigate macOS malware threats and analyze AMOS infrastructure.
- Monitor technology stacks via custom watchlists for enhanced infostealer visibility.
- Use credential and brand monitoring for insight into compromised data.
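One way to turn the installer names from the report into a custom watchlist check, as an added example that is not part of the article or Recorded Future’s tooling: a small Python scanner that reads proxy-style log lines and flags completed downloads of the two named Vortax installers. The log format, the `example.invalid` host and the log lines themselves are constructed for the demonstration.

```python
import re
from urllib.parse import urlparse, unquote

# Installer names the report attributes to the Vortax campaign (lower-cased for matching).
VORTAX_INSTALLERS = {"vortax app setup.exe", "vortaxsetup.dmg"}

# Constructed sample proxy log lines: client, user, method, URL, HTTP status. Not real traffic.
SAMPLE_LOGS = [
    "10.0.0.12 alice GET https://example.invalid/dl/VortaxSetup.dmg 200",
    "10.0.0.15 bob GET https://example.invalid/dl/Vortax%20App%20Setup.exe?rid=12345 200",
    "10.0.0.20 carol GET https://example.invalid/docs/index.html 200",
    "10.0.0.21 dave GET https://example.invalid/dl/vortaxsetup.dmg 404",
]

# Assumed log layout: five whitespace-separated fields ending in a three-digit status code.
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def filename_from_url(url):
    """Return the URL's last path segment, percent-decoded and lower-cased, query string stripped."""
    path = urlparse(url).path
    return unquote(path.rsplit("/", 1)[-1]).lower()


def scan_logs(lines, watchlist=VORTAX_INSTALLERS):
    """Return one alert per successful (HTTP 200) download whose filename is on the watchlist."""
    alerts = []
    for line in lines:
        match = LOG_RE.match(line.strip())
        if not match:
            continue  # skip lines that do not fit the assumed layout
        client, user, _method, url, status = match.groups()
        if status != "200":
            continue  # only completed downloads are worth an alert
        name = filename_from_url(url)
        if name in watchlist:
            platform = "macOS" if name.endswith(".dmg") else "Windows"
            alerts.append({"client": client, "user": user, "file": name, "platform": platform})
    return alerts


if __name__ == "__main__":
    for alert in scan_logs(SAMPLE_LOGS):
        print(alert)
```

Feed the function your own proxy or EDR download logs (after adjusting `LOG_RE` to their layout) and extend the watchlist as new installer names are published.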