The recent emergence of a macOS variant of the HZ RAT malware targets users of Chinese instant messaging apps and connects to a C2 server for command execution.
HZ RAT's functionality mirrors the Windows version, receiving commands through shell scripts, indicating that it's primarily designed for credential harvesting and reconnaissance activities.
Research suggests HZ RAT has been active in campaigns since at least October 2020, with its first detection in the wild going back to June 2020.
The malware's distribution involves RTF exploits and deceptive installers posing as legitimate software, highlighting ongoing vulnerabilities in Microsoft Office that attackers exploit.
Collection
[
|
...
]