ProxyTrojan

Summary
Proxy trojan that leverages a proxy network for malicious activities
Class
Trojan
Class Summary
A Trojan is malware that masquerades as a legitimate program. Once executed, it can perform harmful activities such as creating backdoors for unauthorized access, modifying or deleting files, or downloading additional malware. Trojans commonly spread through software downloads or through social engineering, typically malicious email attachments. Trojans are often focused on espionage capabilities rather than monetary gain, although the two can overlap depending on attacker objectives. They generally bundle several functionalities, such as a remote shell, a keylogger, an infostealer, and more.
Description

ProxyTrojan is malware that exploits a proxy network to carry out various malicious activities while concealing its true origin. It was discovered in trojanized applications obtained from pirated-software sites, where a post-install script handles installation and execution. The trojan's binary is named WindowServer so that it blends in with the legitimate macOS process of the same name. The malware establishes connections to a Command and Control (C2) server and resolves it over DNS-over-HTTPS (DoH), which hides the DNS lookups from conventional DNS monitoring. ProxyTrojan supports a range of commands and processes messages received from the C2 in order to relay network traffic through the proxy.

Example Hashes
  • beacef5c345886c323d7f552373fa0ba9627d12d
  • 6fc19d6219cd2007ce957d526ef719d6e4c3d91f
  • f4b249efdef8eed7aa5b1ad39eee81a836ed9102