iTerm2 supports split panes, so you can have multiple Terminal windows open and operating right beside each other or on top of each other. Copying and pasting in iTerm2 is a lot easier than it is in PuTTY for Mac, and it keeps a paste history for you so you can quickly find the second-to-last item you copied. It also lets you search through an iTerm2 Terminal window for a particular word or command, so you can get to that bit of code you need in seconds. It also lets you go back and recover text you deleted or changed with an Instant Replay feature. In terms of SSH, iTerm2 will keep you informed of which directory you're in, and will let you navigate back to previous commands by hitting Shift + Cmd + Up or Shift + Cmd + Down. iTerm2 also keeps track of which directories you visit most often on your SSH connections, so you can get into them again much faster. And it lets you set up and quickly switch between profiles, so you can utilize different permission levels or quickly go to different SSH connections.

ZOC Terminal lets you open multiple Terminal tabs and color code them to remind yourself what you're connected to and where. It also maintains an "address book" of folders and hosts for you that are also color coded for quick access and maintenance of different servers. You can easily scroll back through commands you've input in ZOC Terminal and see everything you've input in a session as well. So you can go back in a session as well or use the same commands over and over again as quickly as you need. ZOC Terminal also allows for a ton of customizing. You can fully remap your keyboard inside ZOC Terminal to create hotkey shortcuts for certain command line functions and text inputs. It also allows for F-Macro keys and customized button bars for commands.

Once again, we have SSH software for Mac that requires a lot of knowledge of Terminal and command line to use. But if you have that knowledge and want something that, like iTerm2, can replace Terminal with more organization and customization features, ZOC Terminal is for you.

The disk image throws the first red flag. The real iTerm2 is distributed in a zip file, rather than a disk image. Further, for an app with a very professionally designed website, the disk image file is quite unpolished. It also includes a link to the Applications folder with a Chinese name, which is unusual for an app that is English-only and does not contain any Chinese localization files.

(Image caption: The malware comes in a disk image that contains a link to the Applications folder with a Chinese name.)

The malicious iTerm2 app appears to be a legitimate copy of the iTerm2 app, but with one file added:

iTerm.app/Contents/Frameworks/libcrypto.2.dylib

When launched, the malicious app loads and runs the malicious libcrypto.2.dylib dynamic library, which in turn does a couple of things. The main purpose seems to be to connect to 11, from which it downloads a Python file named g.py and a Mach-O binary named GoogleUpdate into the /tmp folder, then executes both of them.

The GoogleUpdate binary is heavily obfuscated, and it's currently not known exactly what it does. However, according to Patrick, it communicates with what appears to be a Cobalt Strike server ( 8:443), which may mean it is a Cobalt Strike "beacon," which would provide comprehensive backdoor access to the attacker.

The g.py file is clear-text Python code, and thus its intent is quite clear. The items it targets:

- The saved application state for iTerm2.
- The config file for SecureCRT, a terminal emulator program.
- The user's keychains, which contain many credentials and can be unlocked if the user's password can be obtained.
- The .ssh folder, which can contain credentials for SSH.
- The /etc/hosts file, which can contain details on custom servers accessed by the user.
- The git config file, which contains potentially sensitive information, including an e-mail password.
- Command histories for bash and zsh, which can contain sensitive information such as credentials.
- Contents of the user's home, desktop, Documents, and Downloads folders.
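As an added defender-side example (not part of this page's text or of the analysis it quotes), the POSIX shell script below looks for the indicators the malicious-iTerm2 analysis names: the extra libcrypto.2.dylib under iTerm.app/Contents/Frameworks and the g.py and GoogleUpdate files dropped into /tmp. The bundle path and temp-directory path are parameters, and the demo at the end builds a constructed directory tree in a scratch folder so it runs offline without touching a real iTerm2 install.

```shell
#!/bin/sh
# Added example: triage checks for the indicators described in the analysis.
# Neither function modifies anything; each prints findings and returns
# 0 when nothing was found, 1 when an indicator is present.

# The genuine iTerm2 bundle does not ship a Frameworks/libcrypto.2.dylib;
# the trojanized copy adds exactly that one file.
check_iterm_bundle() {
  bundle="$1"
  found=0
  dylib="$bundle/Contents/Frameworks/libcrypto.2.dylib"
  if [ -e "$dylib" ]; then
    echo "INDICATOR: unexpected dynamic library: $dylib"
    found=1
  fi
  return $found
}

# The dylib downloads g.py and a Mach-O named GoogleUpdate into /tmp.
# File names alone are a weak indicator (anyone can name a file g.py), so treat
# a hit as a reason to look closer, not as proof of infection.
check_tmp_drops() {
  tmpdir="${1:-/tmp}"
  found=0
  for f in g.py GoogleUpdate; do
    if [ -e "$tmpdir/$f" ]; then
      echo "INDICATOR: dropped file present: $tmpdir/$f"
      found=1
    fi
  done
  return $found
}

# Constructed demo: one clean bundle layout and one with the added dylib.
demo() {
  scratch=$(mktemp -d)
  mkdir -p "$scratch/clean/iTerm.app/Contents/Frameworks"
  mkdir -p "$scratch/bad/iTerm.app/Contents/Frameworks"
  : > "$scratch/bad/iTerm.app/Contents/Frameworks/libcrypto.2.dylib"
  check_iterm_bundle "$scratch/clean/iTerm.app" && echo "clean bundle: no indicator"
  check_iterm_bundle "$scratch/bad/iTerm.app" || echo "bad bundle: indicator present"
  check_tmp_drops "$scratch" && echo "scratch dir: no dropped files"
  rm -rf "$scratch"
}

demo
```

On a real macOS host, run `check_iterm_bundle /Applications/iTerm.app` and `check_tmp_drops` as-is; a sensible follow-up is `codesign --verify --deep --strict /Applications/iTerm.app`, since a file added inside a signed bundle invalidates its signature and that check does not depend on knowing the file name in advance.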