Vortax

Malware updated a month ago (2024-10-17T14:00:58.921Z)
Vortax, presented as virtual meeting software, has been identified by Recorded Future's Insikt Group as potent malware affecting macOS security. Orchestrated by the threat actor "markopolo," Vortax is part of a large-scale cyberattack campaign that distributes three infostealers: Rhadamanthys, Stealc, and Atomic macOS Stealer (AMOS). The campaign has significant implications for macOS users, with an increasing trend towards AMOS attacks, and the malware and its associated applications have primarily been used in campaigns targeting cryptocurrency theft. Once downloaded and installed, Vortax delivers the three information stealers listed above.

Users are lured into downloading Vortax through several channels: replies to the Vortax account on social media, direct messages on social media, posts in cryptocurrency-related Telegram channels, and posts in cryptocurrency-themed Discord channels. Although applications are advertised for Windows, Linux, macOS, iOS, and Android, they can only be downloaded with a "Room ID," which serves as a meeting invitation.

Closer examination revealed Vortax to be a fraudulent operation. The related domains, vortax.io and vortax.space, contain numerous spelling and grammatical errors. Despite this, Vortax maintains a strong online presence: it is indexed by all major search engines, has a social media presence (@VortaxSpace), and maintains a Medium blog populated with likely AI-generated articles. Given the widespread impact of this malware, it is critical for macOS users to exercise caution when interacting with unknown software downloads or suspicious links.
Description last updated: 2024-10-17T13:03:52.971Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so the following are possible overlapping names / profiles that may also be relevant.
Stealc is a possible alias for Vortax. StealC is a form of malware that specifically targets browser extensions and password managers. Its emergence was first reported in early 2023 and it quickly grew in popularity on the dark web due to its ability to bypass traditional security measures. The malware's modus operandi involves stealing
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
macOS
Malware
Social Media
Infostealers
Associated Malware
The Rhadamanthys Malware is associated with Vortax. Rhadamanthys is a sophisticated and notorious malware, known for its ability to steal sensitive information. It has been utilized by various threat actors, including nation-state entities such as Iran's Void Manticore and the pro-Palestine group "Handala." Its deployment often involves phishing tact
Association type: Unspecified
The AMOS Malware is associated with Vortax. AMOS is a malicious software (malware) specifically designed to target macOS systems. First identified in early 2023, it has been associated with campaigns such as the ClearFake campaign, which spread the AMOS information stealer across macOS devices. This malware is particularly dangerous due to it
Association type: Unspecified