Jamf Blog

Posts in the Jamf Threat Labs Category

June 3, 2022 by Jamf Threat Labs

Jamf protects against CrateDepression malware

SentinelOne researchers recently investigated a supply chain attack leveraging a malicious crate named ‘rustdecimal’ in the crates.io Rust community crate repository.

June 2, 2022 by Jamf Threat Labs

Jamf protects against ‘pymafka’ malware

Sonatype researchers recently identified a supply chain attack leveraging a malicious Python package ‘PyMafka’ in the PyPI registry.

May 16, 2022 by Jamf Threat Labs

UpdateAgent Adapts Again

The Jamf Threat Labs team has recently identified changes to the UpdateAgent malware dropper. These changes primarily focus on new executables written in Swift that reach out to a registration server to pull down a new set of instructions in the form of a bash script. Perhaps one of the most identifiable features of the malware is that it relies on the AWS infrastructure to host its various payloads and perform its infection status updates to the server. The continued development of this malware shows that its authors continue to remain active, trying to reach as many users as possible.

May 10, 2022 by Jamf Threat Labs

NukeSped malware a dud, thanks to Jamf Protect

Jamf protects against the most recent findings on Lazarus Group malware targeting macOS. CISA recently posted findings on a handful of malicious applications that it refers to as TraderTraitor and that many vendors detect as NukeSped malware.

May 10, 2022 by Jamf Threat Labs

Jamf protects against oRAT malware

Trend Micro researchers recently documented a new piece of malware by an APT threat actor named Earth Berberoka, which targets gambling websites.

May 9, 2022 by Jesus Vigo

What is Jamf Threat Labs?

Meet the team of experienced threat researchers, cybersecurity experts and data scientists focused on delivering the best, most secure experience to Jamf customers, and learn how the work of Jamf Threat Labs helps organizations and users alike succeed with Apple, safely and securely.

April 8, 2022 by Jamf Threat Labs

Google Play removes malware that steals Facebook credentials

Jamf Threat Labs researchers investigated an Android app (removed from Google Play on March 22) that was capable of stealing Facebook login credentials (username and password) from users. The app is called Craftsart Cartoon Tools, and it was also reported by researchers at Pradeo.

April 5, 2022 by Jamf Threat Labs

Hunting Spring4Shell, another Java-based exploit

A new vulnerability has been discovered within the Java Spring Framework which may allow for remote execution on a server. Jamf Threat Labs provides a primer on the Java-based vulnerability which has been assigned CVE-2022-22965 and given the nickname “Spring4Shell”.
