Digita Security

6.7.2017 (Version 2092)


Also Known As: OSX/OceanLotus

OSX/ATG15 is a macOS backdoor used by the OceanLotus APT group to carry out cyber espionage in China and Southeast Asia [1]. Users are tricked into running the application, which pretends to be an installer for an Adobe Flash update [2].

  1. https://www.cybereason.com/blog-cybereason-labs-discovery-operation-cobalt-kitty-a-large-scale-apt-in-asia-carried-out-by-the-oceanlotus-group/
  2. https://www.alienvault.com/blogs/labs-research/oceanlotus-for-os-x-an-application-bundle-pretending-to-be-an-adobe-flash-update

Sample Hashes (VT links):