XAgentOSX

Malware updated 8 days ago (2024-11-29T13:35:26.277Z)
Download STIX
Preview STIX
XAgentOSX, also known as Sofacy's XAgent macOS Tool, is a malicious software (malware) developed by the same actor who created the Komplex tool, according to research conducted by PaloAlto Networks. This malware operates by exploiting and damaging computer systems, often infiltrating them through suspicious downloads, emails, or websites without the user's knowledge. Once inside a system, it can steal personal information, disrupt operations, or even hold data hostage for ransom. The name "XAgentOSX" references Apple's previous name for macOS, OS X, and shares its name with one of Sofacy’s Windows-based Trojans, suggesting a common origin. The operation of XAgentOSX mirrors that of its Windows-based counterpart, with the Command and Control (C2) URLs generated by XAgentOSX being very similar to those created by the Windows version. This similarity implies a shared development background and further supports the theory that the same actor developed both tools. Additionally, the XAgentOSX Trojan includes responses to commands within HTML tags, believed to allow the C2 server to format logs for viewing, adding another layer of complexity and stealth to its operation. PaloAlto Networks has identified that the Sofacy group likely uses the Komplex tool to download and install the XAgentOSX tool onto compromised systems, thereby expanding its command set. The specific XAgentOSX sample analyzed by PaloAlto Networks was configured to use certain IP addresses and domain names as its C2 servers. This discovery provides important insight into how the malware communicates and potentially offers avenues for mitigation and defense against this potent threat.
Description last updated: 2024-05-05T06:48:02.810Z
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the XAgentOSX Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
MITRE
2 years ago
MITRE
2 years ago