Poolrat

PoolRat, a harmful malware previously classified as SimpleSea by threat intelligence firms, is designed to exploit and damage computer systems. This C/C++ macOS implant has the capability of collecting basic system information and executing arbitrary commands, including carrying out file operations. The malware infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom. The macOS build server was compromised using PoolRat as a backdoor, with LaunchDaemons serving as a persistence mechanism. This incident occurred alongside attacks involving other malware families such as TaxHaul, ColdCat, and IconicStealer, as tracked by Mandiant. Detailed descriptions of these malware programs were provided in an initial findings report published on April 11th by 3CX, the company that discovered the breach. A link between PoolRat and AppleJeus has been established due to the threat actor's previous use of an older version of PoolRat in a long-running campaign. This campaign, documented by CISA in an advisory in 2021, disseminated booby-trapped trading applications like CoinGoTrade to facilitate cryptocurrency theft. This evidence suggests that PoolRat is part of a broader cyberthreat landscape involving sophisticated trojanized applications and persistent threats.