1. Home
  2. Software
  3. MacSpy

MacSpy

MacSpy is a malware-as-a-service offered on the darkweb [1].

ID: S0282
Type: MALWARE
Platforms: macOS
Version: 1.1
Created: 17 October 2018
Last Modified: 30 March 2020
Version Permalink
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1071 .001 Application Layer Protocol: Web Protocols

MacSpy uses HTTP for command and control.[1]
Enterprise T1123 Audio Capture

MacSpy can record the sounds from microphones on a computer.[1]
Enterprise T1115 Clipboard Data

MacSpy can steal clipboard contents.[1]
Enterprise T1543 .001 Create or Modify System Process: Launch Agent

MacSpy persists via a Launch Agent.[1]
Enterprise T1564 .001 Hide Artifacts: Hidden Files and Directories

MacSpy stores itself in ~/Library/.DS_Stores/ [2]
Enterprise T1070 .004 Indicator Removal: File Deletion

MacSpy deletes any temporary files it creates[2]
Enterprise T1056 .001 Input Capture: Keylogging

MacSpy captures keystrokes.[1]
Enterprise T1090 .003 Proxy: Multi-hop Proxy

MacSpy uses Tor for command and control.[1]
Enterprise T1113 Screen Capture

MacSpy can capture screenshots of the desktop over multiple monitors.[1]

References

  1. Patrick Wardle. (n.d.). Mac Malware of 2017. Retrieved September 21, 2018.
  1. PETER EWANE. (2017, June 9). MacSpy: OS X RAT as a Service. Retrieved September 21, 2018.