Jamf Blog

Posts in the Jamf Threat Labs Category

August 16, 2022 by Jamf Threat Labs

Fake droids: Your new Android device is actually an old Android 6

During a digital forensics investigation, we found a cheap burner device that purported to be an Android 10 was actually an old Android 6. In this blog, we present how attackers can ‘fake’ the shutdown screen on iOS to achieve persistence.

July 19, 2022 by Jamf Threat Labs

CloudMensis malware stealing your joy? Jamf’s got you covered!

CloudMensis is a new macOS spyware discovered by ESET. Researchers noted that this malware’s primary goal is to exfiltrate data, such as documents, keystrokes, screen captures, emails and other potentially sensitive data.

June 9, 2022 by Jamf Threat Labs

ChromeLoader adware halted from broadcasting by Jamf Protect

The Jamf Threat Labs team recently updated the threat prevention rules in Jamf Protect to prevent the browser hijacking campaign that injects ads into Chrome and Safari browsers on macOS. Red Canary also published similar findings on the adware.

June 7, 2022 by Jamf Threat Labs

‘No likes’ for iPhone phishing campaign on Instagram

Attackers have gotten very good at knowing how to reach you. Sometimes they know your phone number, your email, your place of work, and your colleagues’ names and that would be enough to reach you with a compelling phishing campaign.

But now, thanks to the wafts of personal data changing hands online, attackers also know your interests. Just like brands using your behavior, interests, likes, dislikes and purchase history to target ads to you, attackers are using that information to craft attacks that might be more alluring. This means users are more likely to stumble upon online risks, especially when it comes to attacks distributed on social media where we are very accustomed to having a personalized experience.

June 3, 2022 by Jamf Threat Labs

Jamf protects against CrateDepression malware

SentinelOne researchers recently investigated a supply chain attack leveraging a malicious crate named ‘rustdecimal’ in the crates.io Rust community crate repository.

June 2, 2022 by Jamf Threat Labs

Jamf protects against ‘pymafka’ malware

Sonatype researchers recently identified a supply chain attack leveraging a malicious Python package ‘PyMafka’ in the PyPI registry.

May 16, 2022 by Jamf Threat Labs

UpdateAgent Adapts Again

The Jamf Threat Labs team has recently identified changes to the UpdateAgent malware dropper. These changes primarily focus on new executables written in Swift that reach out to a registration server to pull down a new set of instructions in the form of a bash script. Perhaps one of the most identifiable features of the malware is that it relies on the AWS infrastructure to host its various payloads and perform its infection status updates to the server. The continued development of this malware shows that its authors continue to remain active, trying to reach as many users as possible.

May 10, 2022 by Jamf Threat Labs

NukeSped malware a dud, thanks to Jamf Protect

Jamf protects against the most recent findings on Lazarus Group malware targeting macOS. CISA recently posted findings on a handful of malicious applications that it refers to as TraderTraitor and that many vendors detect as NukeSped malware.
