{"id":2813,"date":"2023-09-13T14:31:32","date_gmt":"2023-09-13T06:31:32","guid":{"rendered":"https:\/\/blog.billows.com.tw\/?p=2813"},"modified":"2023-09-13T16:35:32","modified_gmt":"2023-09-13T08:35:32","slug":"macos%e4%bd%bf%e7%94%a8%e8%80%85%e6%b3%a8%e6%84%8f%ef%bc%81%e5%8f%88%e4%b8%80%e9%87%9d%e5%b0%8dmacos%e7%9a%84%e6%83%a1%e6%84%8f%e8%bb%9f%e9%ab%94%ef%bc%8dmetastealer","status":"publish","type":"post","link":"https:\/\/blog.billows.com.tw\/?p=2813","title":{"rendered":"MacOS\u4f7f\u7528\u8005\u6ce8\u610f\uff01\u53c8\u4e00\u91dd\u5c0dmacOS\u7684\u60e1\u610f\u8edf\u9ad4\uff0dMetaStealer"},"content":{"rendered":"\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"941\" height=\"492\" src=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2023\/09\/image-3.png\" alt=\"\" class=\"wp-image-2814\" srcset=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2023\/09\/image-3.png 941w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2023\/09\/image-3-300x157.png 300w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2023\/09\/image-3-768x402.png 768w\" sizes=\"auto, (max-width: 941px) 100vw, 941px\" \/><figcaption class=\"wp-element-caption\">Photo Credit: Sentinel One<\/figcaption><\/figure>\n\n\n\n<p>\u6700\u65b0\u4e00\u6b3e\u91dd\u5c0dMac\u4f7f\u7528\u8005\u7684\u8cc7\u8a0a\u7aca\u53d6\u60e1\u610f\u8edf\u9ad4MetaStealer\u5df2\u7d93\u73fe\u8eab\uff0c\u653b\u64ca\u8005\u5c08\u9580\u7784\u6e96\u4f01\u696d\u7528\u6236\u3002\u9019\u7a2e\u60e1\u610f\u8edf\u9ad4\u901a\u5e38\u507d\u88dd\u6210Adobe\u61c9\u7528\u7a0b\u5f0f\u6216\u6a94\u6848\uff0c\u6216\u8005\u96b1\u85cf\u5728\u4e00\u822c\u7684\u6a94\u6848\u6587\u4ef6\u4e4b\u4e2d\u3002<a href=\"https:\/\/www.sentinelone.com\/blog\/macos-metastealer-new-family-of-obfuscated-go-infostealers-spread-in-targeted-attacks\/\" title=\"SentinelOne\">SentinelOne<\/a>\u7684\u7814\u7a76\u4eba\u54e1\u8868\u793a\uff0c\u76ee\u524d\u767c\u73fe\u7684MetaStealer\u6a23\u672c\u591a\u6578\u90fd\u662f\u96b1\u85cf\u5728\u4f7f\u7528.dmg\u526f\u6a94\u540d\u7684\u6a94\u6848\u4e4b\u4e2d\uff0c\u9019\u7a2e\u76f4\u63a5\u6311\u660e\u4e86\u91dd\u5c0dmacOS\u7684\u60e1\u610f\u8edf\u9ad4\u662f\u76f8\u7576\u7f55\u898b\u7684\uff0c\u56e0\u6b64\u4e5f\u88ab\u731c\u6e2c\u53ef\u80fd\u6709\u8981\u91dd\u5c0d\u67d0\u4e9b\u7279\u5b9a\u7684\u4f01\u696d\u7528\u6236\u3002<\/p>\n\n\n\n<p>MetaStealer\u5c08\u70ba\u642d\u8f09Apple M1\u548cM2\u8655\u7406\u5668\u7684Mac\u8a2d\u8a08\uff0c\u5176\u4ee3\u78bc\u7d93\u904e\u91cd\u91cd\u96b1\u85cf\u8ddf\u6df7\u6dc6\uff0c\u4f01\u5716\u4ee4\u4eba\u770b\u4e0d\u6e05\u4ed6\u7684\u7528\u610f\u70ba\u4f55\u3002\u5118\u7ba1\u5982\u6b64\uff0c\u7814\u7a76\u4eba\u54e1\u9084\u662f\u767c\u73fe\u5230MetaStealer\u80fd\u5920\u7aca\u53d6\u5df2\u4fdd\u5b58\u7684\u5bc6\u78bc\u3001iCloud\u9470\u5319\u5708\u7684\u529f\u80fd\u3001\u4ee5\u53ca\u591a\u6578\u7684\u6587\u4ef6\u6a94\u6848\uff0c\u751a\u81f3\u6709\u4e9b\u8b8a\u7a2e\u662f\u5c08\u9580\u7784\u6e96Telegram\u548cMeta\u61c9\u7528\u7a0b\u5e8f\u3002<\/p>\n\n\n\n<p>MetaStealer\u9996\u6b21\u65bc2023\u5e743\u6708\u88ab\u767c\u73fe\uff0c\u6b64\u5f8c\u4e0d\u65b7\u66f4\u65b0\u3001\u9032\u5316\u3001\u4e26\u767c\u5c55\u4e0d\u540c\u8b8a\u7a2e\u3002\u6700\u8fd1\uff0c\u860b\u679c\u516c\u53f8\u5df2\u5c07\u8a72\u60e1\u610f\u8edf\u9ad4\u589e\u52a0\u5230macOS\u7684XProtect\u9632\u60e1\u610f\u8edf\u9ad4\u7cfb\u7d71\u4e2d\u3002\u5118\u7ba1\u4e00\u4e9b\u7248\u672c\u4e2d\u5d4c\u5165\u4e86\u860b\u679c\u958b\u767c\u8005\u4ee3\u78bc\u7c3d\u540d\uff0c\u4f46\u591a\u6578\u6a23\u672c\u672a\u4f7f\u7528\u7c3d\u540d\uff0c\u9019\u4ee3\u8868\u653b\u64ca\u8005\u6703\u900f\u904e\u5404\u7a2e\u65b9\u5f0f\u4f86\u5f15\u5c0e\u53d7\u5bb3\u8005\u9032\u884c\u4e00\u7cfb\u5217\u64cd\u4f5c\uff0c\u85c9\u4ee5\u7e5e\u904eGatekeeper\u7b49\u4fdd\u8b77\u6a5f\u5236\u3002<\/p>\n\n\n\n<p>MetaStealer\u4e26\u975e\u9996\u6b3e\u91dd\u5c0dMac\u4f7f\u7528\u8005\u7684\u8cc7\u8a0a\u7aca\u53d6\u60e1\u610f\u8edf\u9ad4\uff0c\u7814\u7a76\u55ae\u4f4d\u9084\u767c\u73fe\u4e86\u4e00\u6b3e\u7a31\u70ba<a href=\"https:\/\/cyble.com\/blog\/threat-actor-selling-new-atomic-macos-amos-stealer-on-telegram\/\" title=\"\">Atomic Stealer<\/a>\u7684\u60e1\u610f\u8edf\u9ad4\uff0c\u8207MetaStealer\u76f8\u540c\uff0c\u662f\u91dd\u5c0dmacOS\u7684\u4f7f\u7528\u8005\u6240\u8a2d\u8a08\uff0c\u4f46\u76ee\u524d\u70ba\u6b62\u5c1a\u4e0d\u6e05\u695a\u5169\u8005\u4e4b\u9593\u662f\u5426\u6709\u4efb\u4f55\u95dc\u806f\u3002MetaStealer\u7b49\u60e1\u610f\u8edf\u9ad4\u7684\u51fa\u73fe\uff0c\u4ee3\u8868\u60e1\u610f\u8edf\u9ad4\u4f5c\u8005\u6b63\u7a4d\u6975\u7784\u6e96MacOS\u7684\u4f7f\u7528\u8005\uff0c\u7279\u5225\u662f\u90a3\u4e9b\u6163\u4ee5macOS\u9032\u884c\u65e5\u5e38\u4f5c\u696d\u7684\u4f01\u696d\u7528\u6236\uff0c\u85c9\u6b64\u7aca\u53d6\u66f4\u591a\u6a5f\u654f\u8cc7\u8a0a\u3002<\/p>\n\n\n\n<p>\u9019\u4e00\u8da8\u52e2\u4ee4\u5b89\u5168\u4eba\u54e1\u611f\u5230\u64d4\u6182\uff0c\u7576\u9019\u4e9b\u60e1\u610f\u8edf\u9ad4\u958b\u59cb\u6a6b\u8de8\u5230\u4e0d\u540c\u7cfb\u7d71\u4e26\u4e14\u7a4d\u6975\u958b\u767c\u4e4b\u6642\uff0c\u610f\u5473\u8457\u91dd\u5c0d\u4e0d\u540c\u4f5c\u696d\u7cfb\u7d71\u7684\u8a2d\u5099\u90fd\u9700\u8981\u6709\u76f8\u61c9\u7684\u89e3\u6c7a\u65b9\u6848\uff0c\u9019\u4f7f\u5f97\u539f\u5148\u5c31\u5df2\u6349\u895f\u898b\u8098\u7684\u8cc7\u5b89\u9810\u7b97\u66f4\u52a0\u986f\u5f97\u4e0d\u8db3\u3002<\/p>\n\n\n\n<p>\u66f4\u591a\u95dc\u65bc\u91dd\u5c0dmacOS\u60e1\u610f\u8edf\u9ad4\u4e4b\u6d88\u606f\uff1a<br><br>LockBit \u52d2\u7d22\u8edf\u9ad4\u7d44\u7e54\u8f49\u5411\u4ee5mac\u96fb\u8166\u70ba\u76ee\u6a19\uff1f\uff01\u5c08\u5bb6\u767c\u73fe\u9996\u6b3e\u91dd\u5c0dmacOS \u6a5f\u5668\u7684 LockBit \u52a0\u5bc6\u5de5\u5177\uff01<br><a href=\"https:\/\/blog.billows.com.tw\/?p=2593\">https:\/\/blog.billows.com.tw\/?p=2593<\/a><\/p>\n\n\n\n<p>\u4e2d\u570bAPT\u99ed\u5ba2Storm Cloud\u5229\u7528\u60e1\u610f\u8edf\u9ad4GIMMICK\u91dd\u5c0dmacOS\u7528\u6236<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-wp-embed is-provider-\u7ae3\u76df\u79d1\u6280 wp-block-embed-\u7ae3\u76df\u79d1\u6280\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"wp-embedded-content\" data-secret=\"iQu1m3QGLk\"><a href=\"https:\/\/blog.billows.com.tw\/?p=1805\">\u4e2d\u570bAPT\u99ed\u5ba2Storm Cloud\u5229\u7528\u60e1\u610f\u8edf\u9ad4GIMMICK\u91dd\u5c0dmacOS\u7528\u6236<\/a><\/blockquote><iframe loading=\"lazy\" class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" title=\"\u4e2d\u570bAPT\u99ed\u5ba2Storm Cloud\u5229\u7528\u60e1\u610f\u8edf\u9ad4GIMMICK\u91dd\u5c0dmacOS\u7528\u6236 &#8212; \u7ae3\u76df\u79d1\u6280\" src=\"https:\/\/blog.billows.com.tw\/?p=1805&#038;embed=true#?secret=gffWc9MCLK#?secret=iQu1m3QGLk\" data-secret=\"iQu1m3QGLk\" width=\"600\" height=\"338\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe>\n<\/div><\/figure>\n\n\n\n<p>MetaStealer\u7684\u90e8\u5206\u5165\u4fb5\u6307\u6a19(Indicator of compromise -IOCs):<\/p>\n\n\n\n<p>SHA256&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ef0dd9ee92148dfc1d731d42812688f28dd276c2307ac8674a216a2371d156cd&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p>SHA256&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 8dd5bcc737e7b4bf98db09b082c34469b7095da3a4d314b1ca9b43316340da20&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p>SHA256&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 7344c02c3c366be28df78afb2df87a02a96f82d6fce1df8604067dcb02363dc8&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p>SHA256&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 50427037543eb5d8be12940c8fac6b4710e15125ee2b77b0743b017eafd8af9f&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p>SHA256&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 3725b015c4d5e5632e2ab87327f5f20733fc5d821ce500725b6d6c84694de670&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p>SHA256&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2d70d5965f201d97f4a763e95c7074dfd7ddbf9b7118e79ebf79c13235e1d821<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u6700\u65b0\u4e00\u6b3e\u91dd\u5c0dMac\u4f7f\u7528\u8005\u7684\u8cc7\u8a0a\u7aca\u53d6\u60e1\u610f\u8edf\u9ad4MetaStealer\u5df2\u7d93\u73fe\u8eab\uff0c\u653b\u64ca\u8005\u5c08\u9580\u7784\u6e96\u4f01\u696d\u7528\u6236\u3002\u9019\u7a2e\u60e1\u610f\u8edf\u9ad4 <a class=\"read-more\" href=\"https:\/\/blog.billows.com.tw\/?p=2813\">READ MORE<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[174],"class_list":["post-2813","post","type-post","status-publish","format-standard","hentry","category-6","tag-news"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/2813","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2813"}],"version-history":[{"count":1,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/2813\/revisions"}],"predecessor-version":[{"id":2815,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/2813\/revisions\/2815"}],"wp:attachment":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2813"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2813"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2813"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}