The group's flagship malware implant for Windows since 2018 has been a custom modular backdoor called MgBot, whose capabilities can be extended with different plug-ins. However, it appears that MgBot is only one of several backdoors that Daggerfly has developed using the same framework that powers MgBot.
The unattributed Macma macOS backdoor
Back in November 2021, researchers from Google's Threat Analysis Group (TAG) reported a watering hole attack involving compromised websites in Hong Kong that had been serving iOS and macOS exploits to visitors. The macOS attack chain exploited what was then a zero-day vulnerability to deliver a previously undocumented backdoor that Google TAG named Macma. Watering hole attacks are campaigns in which specific websites of interest to a target group are compromised, in this case the websites of a media outlet and a prominent pro-democracy labor and political group, the goal being to identify and spy on democracy supporters.
The Macma backdoor was capable of fingerprinting devices, capturing the screen, downloading files to and uploading files from devices, letting attackers execute terminal commands, recording audio, and keylogging. Even though the malware was subsequently analyzed by several companies and researchers, it was not attributed to any particular APT group, until now.