The myth that macOS is immune to malware infections has fallen as the number of threats, adware, and Potentially Unwanted Programs (PUPs) targeting it grows uncontrollably. Among these pests is a backdoor Trojan named OSX.Casso. Security researchers believe that it was developed, and is now used, by a North Korea-based cybercrime group, the infamous Lazarus APT group.
The OSX.Casso backdoor is not significant in size. After analyzing working samples of OSX.Casso, malware researchers concluded that less than half of the file, 32KB, is responsible for the harmful activity it executes. The developers artificially increased the size of the file by adding junk code and content, which may fool anti-malware products.
OSX.Casso does not have outstanding functionality because macOS has strong built-in security measures. However, OSX.Casso can implant a remote shell on the host it compromises, which gives the remote hackers the ability to execute code and commands. With this unauthorized access, they can collect information, control running services or processes, and load and read files.
Although there are countless more threatening applications attacking computers worldwide, OSX.Casso should be handled with a lot of care. macOS users should follow security experts' recommendations and run a dedicated, up-to-date security program.