May 31, 2024 at 09:12AM

■■■■■ The threat actor group used two publicly available exploits (CVE-2018-4233, CVE-2018-4404) to deliver implants for macOS. Part of the CVE-2018-4404 exploit is likely borrowed from the Metasploit framework. macOS version 10 was targeted using those exploits.

https://www.threatfabric.com/blogs/lightspy-implant-for-macos

https://www.huntress.com/blog/lightspy-malware-variant-targeting-macos

https://t.me/cKure/14154