JokerSpy: Security Firm Uncovers Evidence of Major macOS Attack

Bitdefender has issued a warning about a new Trojan called “JokerSpy” that targets macOS, as well as Windows and Linux. The security company states that the malware has not been detected by common antivirus software and that limited information is available about it. Analysis of individual components found on an infected Mac suggests a larger attack specifically aimed at macOS.

The malware includes a generic backdoor written in Python, which checks the operating system and contacts a command and control server to receive further commands. Two Mach-O files, designed for Intel and ARM Macs, are also included. They were written in Swift and target current macOS versions, from macOS 12 Monterey onward. This component appears to be focused on checking permissions before a spyware component is deployed, which may involve taking screenshots of the screen content or of active windows. Pieces are still missing from the analysis, however, which suggests a more complex malware toolkit. It is unclear whether the malware has been used in targeted attacks or distributed more broadly.
