Melting Pot of macOS Malware Adds Go to Crystal, Nim and Rust Variants
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
ReaderUpdate, a macOS malware loader platform active since 2020, has evolved to include variants written in Crystal, Nim, Rust, and now Go programming languages. Originally a compiled Python binary, the malware has been largely dormant until late 2024. The loader is capable of executing remote commands, potentially offering Pay-Per-Install or Malware-as-a-Service. It collects system information, creates persistence mechanisms, and communicates with command and control servers. The Go variant, less common than others, uses string obfuscation techniques to hinder analysis. While currently associated with adware delivery, the loader's capabilities pose a potential threat for more malicious payloads in the future.
OPENCTI LABELS :
malware,macos,rust,loader,adware,persistence,go,genieo,crystal,silver toucan,dolittle,wizardupdate,nim,updateagent,readerupdate
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
Melting Pot of macOS Malware Adds Go to Crystal, Nim and Rust Variants