According to Kaspersky security researchers, a malware campaign targeting the Middle East’s industrial sector has been expanded to include Mac systems.
The campaign, dubbed WildPressure, began in May 2019 and for more than a year involved only a Windows variant of a malware called Milum. However, the campaign's operators began employing fresh variants of the Trojan to target macOS systems earlier this year.
The researchers uncovered a similar Visual Basic Script (VBScript) variant of the threat, which had the same version as the C++ variant but came with a series of modules, including an orchestrator and three plugins.
Additionally, Kaspersky's security experts discovered a Python-based malware strain that can execute on both Windows and macOS. The coding style, design, and command and control (C&C) communication protocol are comparable across all three Trojan variants.
According to Kaspersky, “all three versions of the Trojan were able to download and execute commands from the operator, collect information, and upgrade themselves to a newer version.” It’s thought that the malware is continuously being developed.
The attackers used a network of virtual private servers (VPS) and compromised servers, predominantly WordPress websites, to carry out the newly discovered attacks.
According to Kaspersky, the new WildPressure activity appears to be aimed at targets in the Middle East's oil and gas industry. Despite slight parallels to hacking groups such as Chafer and Ferocious Kitten, the security firm did not attribute the attacks to any known threat actor operating in the area.