macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users


A new macOS version of the HZ RAT backdoor, previously known for targeting Windows users, is now being used to target users of Chinese messaging apps like DingTalk and WeChat. The malware, which mimics legitimate software like OpenVPN, connects to command-and-control servers, mostly located in China, to execute commands, steal user data, and send files back to the attackers. Initially documented in 2022, HZ RAT is primarily used for credential harvesting and system reconnaissance, with recent samples indicating the campaign is still active. The malware’s distribution methods include malicious RTF documents and installer packages, and its persistence suggests some level of ongoing success.

Read More


thumb-image

Solutions