Prtspool is malware first reported by the Cybersecurity and Infrastructure Security Agency (CISA) in 2021. It was identified as a Remote Access Trojan (RAT) that acts as a backdoor on macOS and Linux systems and was used as the final payload in one of the AppleJeus (CoinGoTrade) attack waves. The malware can reach a system through suspicious downloads, emails, or websites, often without the user's knowledge. Once installed, it can be used to steal personal information, disrupt operations, or hold data for ransom.
Recently, new Linux variants of a malware known as POOLRAT have been discovered. These variants show several notable similarities to prtspool, their macOS counterpart. Their SHA256 hashes are 5c907b722c53a5be256dc5f96b755bc9e0b032cc30973a52d984d4174bace456 and f3b0da965a4050ab00fce727bb31e0f889a9c05d68d777a8068cfc15a71d3703. This suggests that the same threat actors may be behind these attacks, or at least that the Linux variants derive from the same original source code as the prtspool malware.
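As an added defender-side example (not code from CISA or from the original description), the following Python script hashes every regular file under a directory and reports any whose SHA256 matches the two POOLRAT indicators quoted above. The `demo_with_constructed_files` function works on constructed files and a constructed extra indicator, since no real sample is included here.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# SHA256 indicators quoted in the description above for the POOLRAT Linux variants.
POOLRAT_SHA256 = {
    "5c907b722c53a5be256dc5f96b755bc9e0b032cc30973a52d984d4174bace456": "POOLRAT Linux variant (1)",
    "f3b0da965a4050ab00fce727bb31e0f889a9c05d68d777a8068cfc15a71d3703": "POOLRAT Linux variant (2)",
}


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream the file through SHA256 so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_tree(root, indicators=POOLRAT_SHA256):
    """Walk root, hash every regular file, and return {path: label} for indicator matches."""
    hits = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            # Skip symlinks and special files; hash only what is actually on disk here.
            if p.is_symlink() or not p.is_file():
                continue
            try:
                digest = sha256_of_file(p)
            except OSError:
                continue  # unreadable file: skip it rather than abort the whole sweep
            label = indicators.get(digest)
            if label:
                hits[str(p)] = label
    return hits


def demo_with_constructed_files():
    """Constructed demonstration: a temp directory holding a benign file and a stand-in
    'sample' whose hash is registered as an extra (constructed) indicator."""
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "notes.txt").write_bytes(b"constructed benign content\n")
        sample = Path(tmp) / "prtspool"
        sample.write_bytes(b"constructed stand-in for a sample, not real malware\n")
        indicators = dict(POOLRAT_SHA256)
        indicators[sha256_of_file(sample)] = "constructed test indicator"
        hits = scan_tree(tmp, indicators)
        return {Path(p).name: label for p, label in hits.items()}
```

Run `scan_tree("/path/to/check")` with the default indicator set to sweep a host; any match is a hit on one of the page's two hashes.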
In conclusion, prtspool, initially reported by CISA in 2021 as part of an AppleJeus attack wave, continues to pose a significant threat to both macOS and Linux systems. The discovery of its Linux variants, POOLRAT, further indicates the sophistication and adaptability of this malware. Users and administrators are advised to remain vigilant, keep robust security measures in place, and keep their systems updated to protect against such threats.
Description last updated: 2024-10-17T12:18:41.089Z