A new version of the macOS malware used by the OceanLotus group has been identified by researchers from ESET. ESET security researcher Romain Dumont detailed the findings in a blog post on Tuesday.
The latest version sports more features than its predecessors. It has also undergone a structural change that makes it harder to detect on infected systems.
Worth noting
Automation could unearth more
In the post, Dumont also noted that decryption of the strings embedded in the new sample can be automated, since the group kept its string-encryption algorithm and changed only the key; this could reveal more about the malware and speed up analysis of other samples.
“The (encryption) key has changed from previous versions but since the group is still using the same algorithm to encrypt strings, decryption could be automated. Along with this article, we are releasing an IDA script leveraging the Hex-Rays API to decrypt the strings present in the binary. This script may help future analysis of OceanLotus and the analysis of existing samples that we have not yet been able to obtain,” Dumont wrote.
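To illustrate why an unchanged algorithm with a new key lends itself to automation, here is an added example that is not ESET's IDA/Hex-Rays script and does not reproduce OceanLotus's actual scheme. It assumes a hypothetical string table layout (u16 little-endian length followed by repeating-key XOR ciphertext, terminated by a zero length) and an 8-byte key; the sample table, key and strings are all constructed here. It shows both bulk decryption with a known key and known-plaintext key recovery for a new variant where only the key changed:

```python
import struct

# Constructed sample (not from the ESET analysis). The table layout and the
# cipher are ASSUMED for illustration only:
#   u16 little-endian length, then that many bytes XOR'd with a repeating
#   KEY_LEN-byte key; entries back to back; a zero length ends the table.
KEY_LEN = 8
KEY = bytes.fromhex("5aa53cc30ff08118")          # hypothetical key
PLAINTEXT_STRINGS = [                              # constructed strings
    "/Library/LaunchAgents/com.example.agent.plist",
    "curl -s http://example.invalid/update",
    "/usr/bin/open",
]


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; it is its own inverse, so it encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def build_table(strings, key: bytes) -> bytes:
    """Build the constructed sample table so the decryptor has input to run on."""
    out = bytearray()
    for s in strings:
        enc = xor_bytes(s.encode("utf-8"), key)
        out += struct.pack("<H", len(enc)) + enc
    out += struct.pack("<H", 0)                     # terminator
    return bytes(out)


def iter_entries(blob: bytes):
    """Yield the raw (still encrypted) entries, validating lengths as we go."""
    off = 0
    while True:
        if off + 2 > len(blob):
            raise ValueError("table has no terminator")
        (n,) = struct.unpack_from("<H", blob, off)
        off += 2
        if n == 0:
            return
        if off + n > len(blob):
            raise ValueError(f"entry at {off - 2:#x} runs past end of blob")
        yield blob[off:off + n]
        off += n


def decrypt_table(blob: bytes, key: bytes) -> list:
    """Decrypt every entry with a known key. A new variant that kept the
    algorithm but rotated the key needs nothing more than a new `key`."""
    return [xor_bytes(e, key).decode("utf-8", errors="replace")
            for e in iter_entries(blob)]


def _printable(data: bytes) -> bool:
    return all(0x20 <= b <= 0x7E for b in data)


def recover_key(blob: bytes, crib: bytes, key_len: int = KEY_LEN):
    """Known-plaintext key recovery: if some string is expected to start with
    `crib` (at least one full key period long), XORing the crib against the
    start of each entry yields a candidate key; accept a candidate only if
    every entry then decrypts to printable ASCII. Returns None if no entry fits."""
    if len(crib) < key_len:
        raise ValueError("crib must cover a full key period")
    entries = list(iter_entries(blob))
    for e in entries:
        if len(e) < key_len:
            continue
        candidate = xor_bytes(e[:key_len], crib[:key_len])
        if all(_printable(xor_bytes(x, candidate)) for x in entries):
            return candidate
    return None


SAMPLE_TABLE = build_table(PLAINTEXT_STRINGS, KEY)

if __name__ == "__main__":
    for s in decrypt_table(SAMPLE_TABLE, KEY):
        print(s)
    print("recovered key:", recover_key(SAMPLE_TABLE, b"/Library").hex())
```

The printable-ASCII check in `recover_key` is the cheap sanity test that makes the crib approach usable across samples: a wrong candidate key turns the other entries into non-text, so only the correct key survives. The same structure carries over to a real decryptor plugged into a disassembler: locate the table, parse entries, decrypt, and write the results back as comments.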
Further technical analysis can be found in the ESET blog.