"macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users"

An Apple macOS version of a backdoor named "HZ RAT" targets users of Chinese instant messaging apps such as DingTalk and WeChat. The artifacts almost replicate the functionality of the Windows version of the backdoor; the only difference is the payload, which is received from the attackers' server in the form of shell scripts. HZ RAT was first identified in November 2022, when the malware was distributed through self-extracting ZIP archives or malicious RTF documents likely created using the "Royal Road RTF weaponizer." This article continues to discuss findings regarding the macOS version of the HZ RAT backdoor.

THN reports "macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users"

Submitted by grigby1
 

Submitted by Gregory Rigby on