MacSpy

MacSpy is a malware-as-a-service offering sold on the dark web.[1]

ID: S0282
Aliases: MacSpy
Type: MALWARE
Platforms: macOS

Version: 1.0

Alias Descriptions

| Name | Description |
|------|-------------|
| MacSpy | [1] |

Techniques Used

| Domain | ID | Name | Use |
|--------|----|------|-----|
| Enterprise | T1123 | Audio Capture | MacSpy can record the sounds from microphones on a computer.[1] |
| Enterprise | T1115 | Clipboard Data | MacSpy can steal clipboard contents.[1] |
| Enterprise | T1107 | File Deletion | MacSpy deletes any temporary files it creates.[2] |
| Enterprise | T1158 | Hidden Files and Directories | MacSpy stores itself in ~/Library/.DS_Stores/.[2] |
| Enterprise | T1056 | Input Capture | MacSpy captures keystrokes.[1] |
| Enterprise | T1159 | Launch Agent | MacSpy persists via a Launch Agent.[1] |
| Enterprise | T1188 | Multi-hop Proxy | MacSpy uses Tor for command and control.[1] |
| Enterprise | T1113 | Screen Capture | MacSpy can capture screenshots of the desktop over multiple monitors.[1] |
| Enterprise | T1071 | Standard Application Layer Protocol | MacSpy uses HTTP for command and control.[1] |

References