skip to Main Content

Cybercrime, Alchimist and Insekt target Mac, Linux and Windows

Alchimist and Insekt target Mac, Linux and Windows. Cisco Talos cybersecurity experts: the first one is a new attack framework and the second a malware, a RAT. Both are written in Golang

Alchimist is a new attack framework for Mac, Linux and Windos, just discovered by Cisco Talos cybersecurity experts. It has a web interface in Simplified Chinese with remote administration features and has been used in a cybercrime campaign, associated with a new malware dubbed Insekt, a RAT that has remote administration features. Both of them have been implemented in Golang and Insekt is is Alchimist’s beacon implant. The framework’s C2 can generate a configured payload, establish remote sessions, deploy payload to the remote machines, capture screenshots, perform remote shellcode execution and run arbitrary commands. Among the remaining tools, researchers found a Mach-O dropper embedded with an exploit to target a known vulnerability CVE-2021-4034, a privilege escalation issue in polkit’s pkexec utility, and a Mach-O bind shell backdoor. The server also contained dual-use tools like psexec and netcat, along with a scanning tool called “fscan,” which the author defines as an “intranet scanning tool,” essentially all the necessary tools for lateral movement.

Back To Top