Operating systems such as macOS generally have very extensive security mechanisms to prevent the installation of malware. However, attackers always find ways to at least partially circumvent them in order to inject malware. The security company Mosyle is now drawing attention to two threats that common antivirus programs do not recognize: “Phoenix Worm” and “ShadeStager” can cause great damage by spying out access data, as 9to5Mac reports.
Phoenix Worm goes unnoticed by antivirus scanners
Phoenix Worm acts as a so-called “stager” and is designed to nest in the system unnoticed. It assigns the infected computer a unique identifier, transfers initial system data to a control server and prepares everything for the subsequent download of additional malware. The tool itself is initially rather harmless, but it paves the way for far-reaching attacks. Mosyle also points out that antivirus programs on macOS and Linux have so far failed to identify the software; under Windows, detection was only possible to a limited extent.
ShadeStager primarily targets cloud access data
ShadeStager works differently: the malicious program extracts valuable data from systems that have already been compromised. Mosyle emphasizes that Phoenix Worm and ShadeStager are not related. ShadeStager focuses on developer and cloud environments and, among other things, collects SSH keys and cloud access data for providers such as Amazon Web Services, Azure and Google Cloud. It also takes full browser profiles, exposing saved login details and active sessions.
Take precautionary measures
Since many infections require software to be executed locally, every installation deserves special care: programs should of course only come from trustworthy sources. Scripts that request extensive permissions must be checked thoroughly before execution. Access rights require strict control, and it is also recommended to keep the system up to date.
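One concrete form of the access-rights control recommended above is to audit the very files ShadeStager is said to collect. The following script is an added example, not code from Mosyle or 9to5Mac; it assumes the default credential locations of the SSH, AWS, Azure and Google Cloud command-line tools under a home directory and reports anything readable by other local users.

```python
"""Report credential files under a home directory that other users can read."""
import os
import stat
import tempfile
from pathlib import Path

# Default credential locations relative to $HOME (assumed tool defaults).
CREDENTIAL_PATHS = {
    ".ssh": "SSH keys",
    ".aws": "AWS CLI credentials",
    ".azure": "Azure CLI tokens",
    ".config/gcloud": "Google Cloud CLI credentials",
}
# Files that are meant to be shareable and may legitimately be world-readable.
PUBLIC_SUFFIXES = (".pub",)
PUBLIC_NAMES = {"known_hosts", "config"}


def is_exposed(path: Path) -> bool:
    """True if group or others have any access bit on the file or directory."""
    return bool(path.lstat().st_mode & (stat.S_IRWXG | stat.S_IRWXO))


def audit_credential_stores(home: Path) -> list[str]:
    """Return one finding per credential file or directory exposed to other users."""
    findings = []
    for rel, desc in CREDENTIAL_PATHS.items():
        root = home / rel
        if not root.exists():
            continue
        for path in [root, *root.rglob("*")]:
            if path.is_symlink():
                continue
            if path.is_file() and (path.suffix in PUBLIC_SUFFIXES or path.name in PUBLIC_NAMES):
                continue
            if is_exposed(path):
                mode = oct(path.lstat().st_mode & 0o777)
                findings.append(f"{path.relative_to(home)} ({desc}) has mode {mode}")
    return findings


def build_demo_home() -> Path:
    """Constructed sample home directory with one deliberately exposed private key."""
    home = Path(tempfile.mkdtemp())
    ssh = home / ".ssh"
    ssh.mkdir(mode=0o700)
    (ssh / "id_ed25519").write_text("constructed private key placeholder\n")
    os.chmod(ssh / "id_ed25519", 0o644)       # exposed: world-readable private key
    (ssh / "id_ed25519.pub").write_text("constructed public key placeholder\n")
    os.chmod(ssh / "id_ed25519.pub", 0o644)   # fine: public keys are public
    aws = home / ".aws"
    aws.mkdir(mode=0o700)
    (aws / "credentials").write_text("[default]\naws_access_key_id = PLACEHOLDER\n")
    os.chmod(aws / "credentials", 0o600)      # fine: owner-only
    return home


if __name__ == "__main__":
    for line in audit_credential_stores(build_demo_home()):
        print("EXPOSED:", line)
```

Run it against a real account with `audit_credential_stores(Path.home())`; the demo home only exists so the script can be tried offline.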