Janicab

Janicab is an OS X trojan that relied on a valid developer ID and oblivious users to install it. [1]

ID: S0163
Type: MALWARE
Platforms: macOS

Version: 1.0

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1123 | Audio Capture | Janicab captured audio and sent it out to a C2 server.[2][1] |
| Enterprise | T1116 | Code Signing | Janicab used a valid Apple Developer ID to sign the code to get past security restrictions.[1] |
| Enterprise | T1168 | Local Job Scheduling | Janicab used a cron job for persistence on Mac devices.[1] |
| Enterprise | T1113 | Screen Capture | Janicab captured screenshots and sent them out to a C2 server.[2][1] |

References