Chinese messaging apps WeChat and DingTalk are having their users subjected to attacks with the HZ RAT backdoor for macOS, according to The Hacker News.
Intrusions commence lures to install HZ RAT for macOS as an OpenVPN Connect-spoofing installer, which when executed triggers shell command execution, file writing to disk, file delivery to the command-and-control server, and device availability monitoring, which were also conducted by the Windows version of the malware, a report from Kaspersky showed.
HZ RAT for macOS then proceeds to facilitate the theft of phone numbers, email addresses, and WeChatIDs from WeChat users while stealing usernames, corporate email addresses, phone numbers, and employer and department names from DingTalk users, said the report.
"The macOS version of HZ Rat we found shows that the threat actors behind the previous attacks are still active. During the investigation, the malware was only collecting user data, but it could later be used to move laterally across the victim's network, as suggested by the presence of private IP addresses in some samples," said Kaspersky researcher Sergey Puzan.