Digita Security


6.7.2017 ( Version 2092 )

XProtect_OSX_ATG15_B

Also Known As: OSX/OceanLotus

OSX/ATG15 is a macOS backdoor used by the OceanLotus APT group to carry out cyber espionage in China and Southeast Asia [1]. Users are tricked into running an application that pretends to be an installer for an Adobe Flash update [2].

References:
  1. https://www.cybereason.com/blog-cybereason-labs-discovery-operation-cobalt-kitty-a-large-scale-apt-in-asia-carried-out-by-the-oceanlotus-group/
  2. https://www.alienvault.com/blogs/labs-research/oceanlotus-for-os-x-an-application-bundle-pretending-to-be-an-adobe-flash-update

Sample Hashes (VT links):
4f509c8b7f3114ec51e35192eec866f87f66d84e33c47c4ccf82b3f2f35269e4