
Objective-See's Blog

Submitted by Style Pass, 2021-06-06 02:30:02

At @ConfiantIntel we had some “luck” finding a new malware targeting the new Apple flagship M1 computers. I put “luck” between quotes, as we know that when you do cyber, you don’t rely on luck to find stuff, but you look at the places where stuff like this is most likely to be found.

This has to do with Confiant’s detection engine and our unique position in the kill chain: scanning malicious ads as they load, on major publisher websites in the United States.

Not only do we see bad ads loading and scan them, but we block them as well. In other words, security vendors won’t be able to see what we see unless they scan as early as we do in the kill chain. What did we find?

We found a malware we dubbed MapperState. We didn’t really choose this name; it was taken from the file name and from the C2 server this malware communicated with: mapperstate[.]com

MapperState was installed in our honeypot by OSX/Tarmac, which itself was downloaded by an OSX/Bundlore loader, ARM-compatible and notarized by Apple, as we reported one week ago:
