Threat: CrateDepression
Affects: SentinelOne researchers discovered a typosquatting attack imitating the legitimate ‘rust_decimal’ crate used for financial calculations. The attacker's intent is that developers would misspell the legitimate crate name and download the malicious one ‘rustdecimal’ instead. The malware then identifies the victim's platform (macOS or Linux) and downloads the requisite Mythic Poseidon payload - a well-known post-exploitation red-teaming framework.
Such attacks are not uncommon on macOS. Recently the PyMafka malware leveraged a similar typosquatting technique hosting a malicious Python package named ‘pymafka’ in an attempt to imitate the legitimate ‘pykafka' package repository used by developers.
Prevented by: Jamf Protect threat prevention blocks the execution of this malware.
Malicious URLs (as published by SentinelOne):
Why allow Mac malware like this to make you sad? Turn that admin frown upside-down with Jamf Protect!
Contact Jamf, your preferred reseller today to get started implementing purpose-built macOS security into your infrastructure.
Subscribe to the Jamf Blog
Have market trends, Apple updates and Jamf news delivered directly to your inbox.
To learn more about how we collect, use, disclose, transfer, and store your information, please visit our Privacy Policy.