Researchers have uncovered a new backdoor called KTLVdoor, which is written in the Go language, has versions for targeting Windows and Linux and is linked back to Chinese-speaking threat actor Earth Lusca.
Threat actors compromised an unnamed internet service provider in order to poison DNS responses and target macOS and Windows systems with malware.
The attack’s abuse of Cloudflare Tunnels is part of an overall increase in malware delivery via this vector, said researchers.
A new, native macOS version of the BeaverTail malware used by North Korean state-sponsored attackers has been identified by researchers.
Researchers have been tracking a social engineering technique in ongoing attacks where a pop-up message gives end users instructions to manually copy and paste a malicious script, leading to the deployment of malware.