Uncovering the New Phoenix Worm: A Deep Dive into ShadeStager macOS Malware
Mosyle, an Apple device management and security vendor, recently uncovered two new macOS threats that evaded antivirus detection at the time of analysis. The two, named Phoenix Worm and ShadeStager, illustrate the growing sophistication of Mac malware and the platform's rising appeal to cybercriminals.
Mac malware has shifted toward trojans and infostealers as the preferred tooling. Attackers now favour quietly harvesting personal and financial information over an extended period rather than seeking a quick payoff.
Phoenix Worm: The Stager
Phoenix Worm is a Go-based malware that serves as a lightweight initial payload, known as a stager. Its main functions are to establish communication with a remote server, generate a unique identifier for each infected system, transmit system data to the operators, and allow remote upgrades and execution of additional payloads.
Mosyle's research indicates that Phoenix Worm is likely one component of a larger toolkit built to support more advanced stages further down the attack chain. At the time of the investigation, antivirus engines on macOS and Linux did not detect the sample, although some engines on Windows did flag it.
ShadeStager: The Credential Thief
ShadeStager is a modular macOS implant built specifically for credential theft. It shares similarities with Phoenix Worm, but ShadeStager targets developer environments and cloud infrastructure: it seeks out SSH keys, cloud credentials, Kubernetes configuration files, authentication data, and browser profiles.
ShadeStager also collects user and privilege information, OS and hardware details, environment variables, network configuration, and more, all sent to its command-and-control server over HTTPS, where it blends in with ordinary web traffic and is not visible to plaintext network inspection. The same channel lets the operators execute commands, exfiltrate data, and download further files without arousing suspicion.
For Mac administrators who want to hunt for these samples, Mosyle has published SHA256 hashes for both ShadeStager and Phoenix Worm:
- ShadeStager: 7e8003bee92832b695feb7ae86967e13a859bdac4638fa76586b9202df3d0156
- Phoenix Worm: 54ef0c8d7e167053b711853057e3680d94a2130e922cf3c717adf7974888cad2
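As an added example (this is not Mosyle's tooling and not code from either malware family), the following Python script turns the two published hashes into a host hunt: it walks a set of directories, streams each regular file through SHA256, and reports any file matching a known indicator. On a hit it also lists which of the credential stores ShadeStager is described as targeting (SSH keys, cloud credentials, kubeconfig, browser profiles) exist on the host, which is the set an incident responder needs to rotate. The two hash values come from the article; the hunt roots and the concrete credential-store paths are assumptions about a typical macOS developer workstation and should be adjusted for your fleet.

```python
"""Hunt a Mac for the two Mosyle-published samples and scope what to rotate.

Added example; not Mosyle's tooling. The two SHA256 values are the indicators
from the article. The hunt roots, the credential-store paths and the output
format are this example's own assumptions about a typical macOS dev workstation.
"""
import hashlib
import os
import sys
from pathlib import Path
from typing import Dict, Iterable, Iterator, List, Optional, Tuple

# Indicators from the article (lowercase hex) -> family name.
IOC_SHA256: Dict[str, str] = {
    "7e8003bee92832b695feb7ae86967e13a859bdac4638fa76586b9202df3d0156": "ShadeStager",
    "54ef0c8d7e167053b711853057e3680d94a2130e922cf3c717adf7974888cad2": "Phoenix Worm",
}

# Assumed hunt locations; extend for the fleet (e.g. shared build directories).
DEFAULT_ROOTS = ["/Applications", "/Library/LaunchAgents", "/Library/LaunchDaemons",
                 "/tmp", "/private/tmp", str(Path.home())]

# Assumed credential stores for the categories ShadeStager targets, relative to $HOME.
CREDENTIAL_STORES: Dict[str, List[str]] = {
    "ssh": [".ssh/id_rsa", ".ssh/id_ed25519", ".ssh/id_ecdsa"],
    "aws": [".aws/credentials"],
    "gcloud": [".config/gcloud/application_default_credentials.json"],
    "azure": [".azure/msal_token_cache.json"],
    "kubernetes": [".kube/config"],
    "docker": [".docker/config.json"],
    "git/netrc": [".git-credentials", ".netrc"],
    "browser": ["Library/Application Support/Google/Chrome/Default/Login Data",
                "Library/Application Support/Firefox/Profiles"],
}


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Stream the file so large app bundles are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def iter_regular_files(root: Path) -> Iterator[Path]:
    """Walk `root` without following symlinks, skipping anything that cannot be stat'ed."""
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            p = Path(dirpath) / name
            try:
                if not p.is_symlink() and p.is_file():
                    yield p
            except OSError:
                continue


def scan_for_iocs(roots: Iterable[str],
                  iocs: Optional[Dict[str, str]] = None) -> List[Tuple[str, str, str]]:
    """Return (path, sha256, family) for every regular file whose digest is a known indicator."""
    table = {k.lower(): v for k, v in (iocs or IOC_SHA256).items()}
    hits: List[Tuple[str, str, str]] = []
    for root in roots:
        rp = Path(root)
        if not rp.exists():
            continue
        for p in iter_regular_files(rp):
            try:
                digest = sha256_file(p)
            except OSError:  # unreadable file (PermissionError is an OSError)
                continue
            if digest in table:
                hits.append((str(p), digest, table[digest]))
    return hits


def credential_stores_present(home: Path,
                              stores: Dict[str, List[str]] = CREDENTIAL_STORES) -> List[Tuple[str, str]]:
    """List (category, path) for each credential store that exists under `home`.

    On a confirmed hit this is the rotation scope: the implant runs as the user,
    so every store listed here must be treated as exposed regardless of file mode.
    """
    found: List[Tuple[str, str]] = []
    for category, rels in stores.items():
        for rel in rels:
            p = home / rel
            try:
                if p.exists():
                    found.append((category, str(p)))
            except OSError:
                continue
    return found


if __name__ == "__main__":
    roots = sys.argv[1:] or DEFAULT_ROOTS
    hits = scan_for_iocs(roots)
    for path, digest, family in hits:
        print(f"MATCH {family}: {path} ({digest})")
    if hits:
        print("Credential stores on this host to rotate:")
        for category, path in credential_stores_present(Path.home()):
            print(f"  [{category}] {path}")
    else:
        print("No file matched the two published hashes (a newer build would not match).")
```

Run it with no arguments to use the assumed roots, or pass directories explicitly (`python3 hunt.py /Users /opt`). Two caveats: a hash indicator only matches the exact build Mosyle analysed, and since the samples are still being developed a clean scan means only that those two builds are absent, not that the host is uninfected; and because both implants run in the logged-in user's context, file permissions on the listed credential stores do not protect them, so treat every store found on a compromised host as needing rotation.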
Mosyle's researchers noted that they could read parts of the malware's code without extensive reverse engineering, which suggests the malware was still in development when it was discovered and will likely keep evolving.