
SentinelOne Vs. macOS.Macma – Kill and Quarantine

⚔️ See how SentinelOne kills and quarantines macOS.Macma. macOS.Macma is a suspected Chinese-backed APT malware used against Hong Kong-based activists in 2021. The threat was propagated in two distinct ways: a trojan installer app called «SafariFlashActivity» and via a web-based watering hole campaign that leveraged a remote code execution in WebKit and a local privilege escalation in the XNU kernel.

Once installed, the malware spies on users via a keylogger and AV (audio/video) captures of the user’s on-screen windows. Other functionality includes device fingerprinting, file downloads and exfiltration.

Despite being a novel malware with no previous signature, the SentinelOne agent catches macOS.Macma as it tries to execute thanks to the agent’s behavioral AI.

Read more at: https://www.sentinelone.com/blog/backdoor-macos-macma-spies-on-activists-but-cant-hide-from-behavioral-detection/
