macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users

A new macOS version of the HZ RAT backdoor, previously known for targeting Windows users, is now being used to target users of Chinese messaging apps like DingTalk and WeChat. The malware, which mimics legitimate software like OpenVPN, connects to command-and-control servers, mostly located in China, to execute commands, steal user data, and send files back to the attackers. Initially documented in 2022, HZ RAT is primarily used for credential harvesting and system reconnaissance, with recent samples indicating the campaign is still active. The malware’s distribution methods include malicious RTF documents and installer packages, and its persistence suggests some level of ongoing success.

macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

INDIA | Chennai

INDIA | Kochi

INDIA | Thane

UK | London

USA | New York

KUWAIT

SRI LANKA

Address

macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users

27-August-24

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

INDIA | Chennai

INDIA | Kochi

INDIA | Thane

UK | London

USA | New York

KUWAIT

SRI LANKA

Address