Jamf Blog

Posts in the Jamf Threat Labs Category

May 16, 2022 by Jamf Threat Labs

UpdateAgent Adapts Again

The Jamf Threat Labs team has recently identified changes to the UpdateAgent malware dropper. These changes primarily consist of new executables written in Swift that reach out to a registration server and pull down a new set of instructions in the form of a bash script. One of the most identifiable features of the malware is its reliance on AWS infrastructure to host its payloads and to report infection status back to the server. The continued development of this malware shows that its authors remain active and are trying to reach as many users as possible.

May 10, 2022 by Jamf Threat Labs

NukeSped malware a dud, thanks to Jamf Protect

Jamf Protect detects the most recently reported Lazarus Group malware targeting macOS. CISA recently published findings on a handful of malicious applications it refers to as TraderTraitor, which many vendors detect as NukeSped malware.

May 10, 2022 by Jamf Threat Labs

Jamf protects against oRAT malware

Trend Micro researchers recently documented a new piece of malware, attributed to an APT threat actor named Earth Berberoka, which targets gambling websites.

May 9, 2022 by Jesus Vigo

What is Jamf Threat Labs?

Meet the team of experienced threat researchers, cybersecurity experts and data scientists focused on delivering the best, most secure experience to Jamf customers, and learn how the work of Jamf Threat Labs helps organizations and users alike succeed with Apple, safely and securely.

April 8, 2022 by Jamf Threat Labs

Google Play removes malware that steals Facebook credentials

Jamf Threat Labs researchers investigated an Android app, since removed from Google Play on March 22, that was capable of stealing users' Facebook login credentials (username and password). The app is called Craftsart Cartoon Tools and was also reported by researchers at Pradeo.

April 5, 2022 by Jamf Threat Labs

Hunting Spring4Shell, another Java-based exploit

A new vulnerability has been discovered in the Java Spring Framework which may allow for remote code execution on a server. Jamf Threat Labs provides a primer on the vulnerability, which has been assigned CVE-2022-22965 and nicknamed "Spring4Shell".

March 25, 2022 by Jamf Threat Labs

Jamf protects against Gimmick malware from pulling the strings on macOS

Volexity researchers recently documented a new piece of malware, attributed to a threat actor named Storm Cloud, that not only spies on Mac endpoints but uses command and control (C2) channels to manipulate them, while operating from commercial, cloud-based services.

March 17, 2022 by Jamf Threat Labs

Jamf Threat Labs identifies Safari vulnerability allowing for Gatekeeper bypass

Jamf Threat Labs recently discovered a new macOS vulnerability in the Safari browser that could lead to the execution of an unsigned and un-notarized application, without displaying any security prompt to the user, by means of a specially crafted zip file. We reported our findings to Apple, and in the latest macOS release (12.3) Apple patched the vulnerability (CVE-2022-22616).
