PamStealer¶ñÒâÈí¼þ¼Ù×°Mac×é¼þµÁÈ¡ÃÜÂë
°ä²¼¹¦·ò 2026-07-077ÔÂ3ÈÕ£¬°²È«×êÑÐÈËÔ±·¢ÏÖ£¬·¸·¨·Ö×Óͨ¹ý·ÂðÓòÃûmaccyapp(.)comÍÆ¹ãαÔìµÄ¿ªÔ´¼ôÌù°åÖÎÀíÆ÷Maccy£¬ÏÖʵװÖõÄÊÇÃûΪPamStealerµÄRust˵»°ÐÅÏ¢ÇÔÈ¡·¨Ê½¡£¹¥»÷ʼÓÚÒ»¸öÔ̺¬¶ñÒâAppleScript¾ç±¾µÄ´ÅÅÌÓ³Ïñ£¬Óû§±»ÓÕµ¼Ôھ籾±à×ëÆ÷ÖÐÔËÐУ¬¶ñÒâÂß¼°µ²ØÔÚ³¤¶Î¿ÕȱÎı¾Ö®ºó¡£¾ç±¾»á²é³CPU¼Ü¹¹¡¢Ëµ»°¡¢Ê±ÇøµÈ»·¾³ÐÅÏ¢£¬²¢¶Ô¶íÂÞ˹µÈ¹ú¶È½øÐÐÇøÓò¹ýÂËÒÔ¶ã±ÜÌØ¶¨µØÓòµÄϰȾ¡£Ëæºó£¬ÏÂÔØÆ÷ʹÓÃÔÉúAPI¼ìË÷µÚ¶þ½×¶ÎÓÐÐ§ÔØºÉ£¬Ô¤·ÀʹÓÃcurlµÈ³£¼ûºÅÁîÐй¤¾ßÒÔ½µµÍ¼ì²â·çÏÕ¡£×îÖÕ×°ÖõĶñÒⷨʽ¼Ù×°³ÉmacOSϵͳ×é¼þ£¨Èç"Finder.app"£©£¬¸´ÔìÕæÊµÍ¼±ê£¬ÔËÐÐʱÎÞ´°¿ÚÏÔʾ¡£¸ÃÇÔÈ¡·¨Ê½¿É¶ÁÈ¡ä¯ÀÀÆ÷Êý¾Ý¿â¡¢½Ó¼ûÔ¿³×´®¡¢³ÖÐø¼à¿Ø¼ôÌù°å£¬Ëùº±¼û¾Ý¾¼ÓÃܺó·¢ËÍÖÁºÅÁîÓë½ÚÔì·þÎñÆ÷¡£¸Ã¶ñÒâÈí¼þͨ¹ý¸ß¶È·ÂÕæµÄϵͳ¶Ô»°¿òÓÕÆÓû§ÊäÈëÃÜÂ룬²¢ÀûÓÃPAMÄ£¿éÑéÖ¤ÃÜÂëÓÐЧÐÔ£¬½öµ±ÊäÈëÕýÈ·ÃÜÂëºó²Å³ÖÐøÖ´ÐУ¬ËæºóÏÔʾÐéαÃýÎóÐÂΟ²¸Ç¶ñÒâÐÐΪ¡£Ëü»¹»áÓÕµ¼Óû§ÊÚÓè"ÆëÈ«´ÅÅ̽ӼûȨÏÞ"ÒÔÇÔÈ¡ÓʼþºÍ±¸·ÝµÈÊܱ£»¤Êý¾Ý£¬²¢Í¨¹ýË«³Á×¢²áµÇ¼ÏîʵÏÖÓÆ¾Ã»¯¡£
https://hackread.com/pamstealer-malware-macos-fake-maccy-clipboard-app/
2. Éç½»¹¤³Ì¹¥ÆÆ³Ð°üÉÌ£¬AdaptHealth»¼ÕßÊý¾Ýй¶
7ÔÂ4ÈÕ£¬ÃÀ¹úÒ½ÁÆÉ豸¹«Ë¾AdaptHealth½üÈÕÅû¶£¬ÍþвÐÐΪÕßͨ¹ýÉç½»¹¤³Ì¹¥»÷³É¹¦ºýŪµÚÈý·½³Ð°üÉÌ£¬»ñÈ¡Á˸ù«Ë¾ÔÆ»·¾³µÄ½Ó¼ûȨÏÞ²¢ÇÔÈ¡ÁË´óÁ¿»¼ÕßÊý¾Ý¡£¾ÝÌá½»¸øÃÀ¹ú֤ȯÂòÂôίԱ»á£¨SEC£©µÄÎļþÏÔʾ£¬¹¥»÷ÕßÀûÓÃÉç»á¹¤³Ì¼¿Á©·ÛËéÁËÓëµÚÈý·½³Ð°üÉÌÓйصĺϷ¨Óû§»á»°£¬´Ó¶øÈƹý°²È«Ììǵ½øÈëAdaptHealthµÄ¶à¸ö»ùÓÚÔÆµÄÒµÎñÀûÓ÷¨Ê½¡£·¢ÏÖÎÊÌâºó£¬AdaptHealthѸ¿ì²ÉȡӦ¶Ô´ëÊ©£¬Ô̺¬½ûÓÃÊÜÓ°ÏìµÄÕË»§¡¢³ÁÖÃËùÓÐÓйØÍ´´¦£¬²¢²¿ÊðÁ˶î±íµÄ½Ó¼û½ÚÔì»úÔìÒÔ¶ôÔìÊÂÎñ½øÒ»²½À©´ó¡£¸Ã¹«Ë¾ÓÚ6ÔÂ27ÈÕÕýʽÈ϶¨¸ÃÊÂÎñÓµÓгÁ´óÒâ˼£¬Æ¾¾Ý¼à¹ÜÒªÇóÏòSEC½øÐÐÅû¶¡£ÔÚÈëÇÖ¹ý³ÌÖУ¬¹¥»÷Õ߳ɹ¦ÉøÈëÁËÄÚ²¿»¼ÕßÖÎÀíϵͳºÍÎĵµ´æ´¢Æ½Ì¨£¬ÇÔÈ¡ÁËÓë±£ÏÕ½áËãÓйصÄÃÜÂëµÈ¹Ø¼üÊý¾Ý£¬Í¬Ê±»ñÈ¡ÁË»¼ÕßµÄÓ×ÎÒÉí·ÝÐÅÏ¢£¨PII£©ºÍÊܱ£»¤µÄ½¡È«ÐÅÏ¢£¨PHI£©¡£²»ÍâAdaptHealthÔÚÎļþÖгö¸ñ³ÎÇ壬Æäϵͳ²¢²»´æ´¢»¼ÕßµÄÉç»á±£ÏÕºÅÂë¡¢Ó×ÎÒ²ÆÕþÕË»§ÐÅÏ¢»òÖ§¸¶¿¨ÐÅÏ¢£¬ÕâÔڿ϶¨Ë®Æ½ÉÏÏÞ¶ÈÁËÊý¾Ýй¶¿ÉÄÜÔì³ÉµÄ²ÆÕþÇÖº¦¡£
https://cybernews.com/news/adapthealth-patient-data-theft/
3. ðÃûÕÐÆ¸Éè¾Ö£¬Á¬»·Ìø×ª´¹µöÇԹȸèÕËÃÜ
7ÔÂ6ÈÕ£¬½üÆÚ£¬¹¥»÷Õß¼ÙÒâAdobe¡¢Netflix¡¢ÊʿڿÉÀÖ¡¢OpenAIµÈ30Óà¸ö³ÛÃûÆ·ÅÆ£¬ÒÔÐéαÕÐÆ¸¿ÚÊÔΪµö¶ü£¬Õë¶ÔÓªÏúרҵÈËÊ¿ÇÔÈ¡GoogleÕË»§Æ¾Ö¤¡£¸Ã¹¥»÷²¢·Çµ¥Ò»·¢ËͶñÒâÁ´½Ó£¬¶øÊÇͨ¹ý¶à³ÁÌø×ªµÄ¡°ÐÅÀµÁ´¡±£¬ÀûÓúϷ¨Æ½Ì¨½µµÍÊܺ¦Õß·À±¸£¬×îÖÕÒýÈëαÔìµÇÂ¼Ò³Ãæ¡£´¹µöÓʼþ¼Ù×°³É¡°Êг¡ÓªÏú¸ÚλÕÐÆ¸¡±£¬·¢¼þÈËÐÅϢȡ×ÔÕæÊµÕÐÆ¸ÈËÔ±¡£ÓʼþÊèµ¼ÊÕ¼þÈ˵ã»÷ÈÕÀúÁ´½Óºó£¬¾SalesforceÓòÃûºÍWise AgentµÈ¶à¼¶Ìø×ª£¬²Å½øÈë´¹µöÒ³Ãæ£¬Í¨³£Óû§ÄÑÒÔ¾õ²ìÒì³£¡£µ½´ïºó£¬¹¥»÷Õßѡȡ¡°ä¯ÀÀÆ÷ÖеÄä¯ÀÀÆ÷¡±£¨BitB£©¼¼Êõ£¬ÓÃHTMLºÍCSSäÖȾαÔìµÄGoogleµÇ¼µ¯´°£¬ÆÈ¡Óû§Õ˺ÅÃÜÂ룬ÇÒ²»´¥·¢Î£ÏÕÓòÃûÒªÇ󡣸ûÒѳÖÐøÖÁÉÙÎå¸öÔ£¬Éæ¼°34¸öÒÔÉÏÓòÃû£¬±»¼ÙÒâÐÐÒµº¸Çº½¿Õ¡¢Ê³Æ·¡¢ÉÝ³ÞÆ·¡¢Õ÷ѯ¡¢¾Æµê¡¢ÌåÓýµÈ¶à¶àÁìÓò¡£¹¥»÷ÕßÈôºÎ»ñµÃºÏ·¨Æ½Ì¨È¨ÏÞÉв»Ã÷È·£¬´§Ä¦Îª×¢²áÕæÊµÕË»§»òʹÓñ»µÁƾ֤£¬Æ½Ì¨×ÔÉíδ±»¹¥ÆÆ£¬¶øÊDZ»ÀÄÓÃΪ¡°ÖÐתվ¡±¡£
https://www.bleepingcomputer.com/news/security/phishing-poses-as-big-brand-job-interview-to-steal-google-accounts/
4. Adobe ColdFusion¸ßΣ·ì϶Ôâ»ð¿ìÀûÓÃ
7ÔÂ6ÈÕ£¬½üÈÕ£¬Adobe¹«Ë¾°ä²¼´¹Î£°²È«ÖҸ棬ÆäColdFusion²úÆ·ÖдæÔÚÒ»¸öµÚÒ»Á÷±ð·ì϶CVE-2026-48282¡£¸Ã·ì϶ÊôÓÚõè¾¶±éÀúÎÊÌ⣬δ¾Éí·ÝÑéÖ¤µÄÔ¶³Ì¹¥»÷Õß¿ÉÀûÓÃÆäÖ´ÐÐËÁÒâ´úÂ룬ÊÜÓ°ÏìµÄ°æ±¾Ô̺¬ColdFusion 2025.9¡¢2023.20¼°¸üÔç°æ±¾¡£AdobeÃ÷È·ÖÒ¸æ³Æ£¬¸Ã·ì϶¼«Ò×±»ÀûÓã¬ÇÒ¼«ÓпÉÄÜÔÚÏÖʵ¹¥»÷Öб»¿í·ºÑ¡È¡¡£°²È«×êÑлú¹¹µÄÖÒ¸æºÜ¿ì³ÉΪÏÖʵ£¬ÔÚCVE-2026-48282µÄ¾ßÌå¼¼ÊõÐÅÏ¢¹«¿ªºó²»µ½Á½¸öÓ×ʱ£¬ÒÑÓй¥»÷Õ߯ðÍ·ÏÖʵÀûÓø÷ì϶ÌáÒé¹¥»÷¡£¼à²âÊý¾ÝÏÔʾ£¬ÕâЩÔçÆÚ¹¥»÷Ô´×ÔλÓÚÓ¡¶ÈµÄ¹¥»÷Õß¡£Èç´ËѸ¿ìµÄ±øÆ÷»¯¹ý³Ì£¬Í¹ÏÔÁ˸ßΣ·ì϶ÔÚµ±½ñÍþв»·¾³ÏÂÃæ¶ÔµÄÑϸñÌôÕ½£¬¹¥»÷Õß½ô¶¢°²È«ÉçÇøºÍ³§Ḛ́䲼µÄ¼¼Êõϸ½Ú£¬Ò»µ©¹«¿ª¼´¿ÉÔÚ¼«¶Ì¹¦·òÄÚת»¯Îª¹¥»÷±øÆ÷¡£Õë¶ÔÕâ´ÎÆØ¹âµÄCVE-2026-48282£¬AdobeÒѰ䲼ÏàÓ¦µÄ°²È«¸üв¹¶¡¡£Ê¹ÓÃAdobe ColdFusionµÄ×éÖ¯±»¶½´Ù¾¡¿ì×°ÖÃ×îиüУ¬ÒÔ±£»¤×ÔÉíϵͳÃâÊÜÔÚ½øÐеĹ¥»÷»î¶¯µÄÇÖº¦¡£
https://securityaffairs.com/194837/hacking/adobe-coldfusion-flaw-cve-2026-48282-now-exploited-in-the-wild.html
5. APT×éÖ¯Armored LikhoËø¶¨µ±¾ÖºÍµçÁ¦»ú¹¹
7ÔÂ6ÈÕ£¬¿¨°Í˹»ùÅû¶£¬ÐÂAPT×éÖ¯Armored LikhoÕý¹¥»÷¶íÂÞ˹¡¢°ÍÎ÷¡¢¹þÈø¿Ë˹̹µÈ¹úµ±¾ÖÓëµçÁ¦»ú¹¹£¬¼æ¾ß¾¼Ã·¸×ïºÍ¼äµýÖ÷ÕÅ¡£Æä¶ñÒ⹤¾ßÒÔBusySnake StealerºÍGo2TunnelΪÖ÷£¬¿ÉÒñ±Î½ÚÔìÖ÷»ú¡¢ÇÔȡƾ֤²¢°´Ð貿ÊðÄ£¿é¡£³õʼÈëÇÖÒÀ¸½Óã²æ´¹µöÓʼþ£¬Í¨¹ý¿ÉÖ´ÐÐÎļþ»òLNKÎļþÖ²Èë¶ñÒâÔØºÉ£¬ºó¶ÜÏÂÔØPython»·¾³ºÍÇÔÃÜ·¨Ê½¡£BusySnakeѡȡ¶¯Ì¬¼Ó½âÃÜ¡¢ÎÞ´°¿ÚÔËÐеȶã±Ü¼¼Êõ£¬Ö°Äܺ¸Ç¼ôÌù°åÇÔÈ¡¡¢Îļþö¾Ù¡¢½ØÍ¼¡¢ÃÜÂëCookieÌáÈ¡¡¢OTPÇÔÈ¡¡¢¼ÓÃÜÇ®±ÒÇ®°ü²éÕÒ¡¢TelegramÍ´´¦ÍøÂç¼°·´ÏòSSHËí·³ÉÁ¢¡£¸Ã×éÖ¯Òѽ«Go2TunnelµÄËí·ְÄÜÕûºÏ½øÇÔÃÜÆ÷£¬ÊµÏÖÓÆ³¤Ô¶³Ì½ÚÔì¡£Æä»î¶¯ÓëEagle Werewolf×éÖ¯´æÔÚ³Áµþ£¬ºóÕßʹÓõÄAquilaRATÔڽṹºÍÓÆ¾Ã»¯ÉÏÓëBusySnakeÀàËÆ¡£Óйػú¹¹Ó¦¼ÓÇ¿Óʼþ·À»¤£¬¼à¿ØÒì³£Python¹ý³ÌºÍGitHubÁ÷Á¿£¬²¢¸üÐÂÖÕ¶ËÏìÓ¦Õ½Êõ¡£
https://www.securityweek.com/armored-likho-apt-targeting-government-electric-power-entities/
6. ¼ÙÒâIT´òTeamsµç»°£¬EtherRATÉøÈëÆóÒµÄÚÍø
7ÔÂ6ÈÕ£¬Unit 42Åû¶£¬¹¥»÷Õßͨ¹ýMicrosoft TeamsÓïÒô¼ÙÒâITÖ§³Ö£¬ÓÕÆÔ±¹¤×°ÖÃEtherRAT£¬»ñÈ¡ÆóÒµÍøÂç³õʼ½Ó¼ûȨ¡£¹¥»÷ʼÓÚÒ»·â¡°Ô±¹¤µ÷²é¡±´¹µöÓʼþ£¬Êܺ¦Õß´ò¿ªºó²»¾Ã±ã½Óµ½±í²¿Teamsͨ»°£¬¶Ô·½×Գơ°ÏµÍ³ÖÎÀíÔ±¡±¡£¹¥»÷ÕßÀûÓÃÆÁÄ»¹²ÏíÖ°ÄÜÓÕµ¼×°ÖÃHopToDesk»òAnyDeskµÈºÏ·¨Ô¶³Ì¹¤¾ß£¬Ëæºó´Ó¶ñÒâÓòÃûÏÂÔØMSI¼ÓÔØÆ÷£¬Æô¶¯Node.js±àдµÄEtherRAT¡£¸ÃľÂíÖ§³ÖºÅÁîÖ´ÐÓ×¢Îļþ²Ù×÷¡¢Êý¾ÝÇÔÈ¡£¬ÆäC2µØÖ·Í¨¹ýÒÔÌ«·»ÖÇÄܺÏÔ¼¼ìË÷£¬´«Í³·â¶Â¼¿Á©ÄÑÒÔ¼ûЧ¡£Unit 42ÔÚ·Ö·¢·þÎñÆ÷·¢ÏÖv1ÖÁv9¶à¸ö°æ±¾£¬Åú×¢¹¥»÷³ÖÐøµü´ú¡£´ËǰͬÀ๥»÷ÒÑÕë¶Ô½ðÈÚ¡¢Ò½ÁÆ»ú¹¹£¬Î¢ÈíÒ²ÓÚËÄÔÂÖÒ¸æ±í²¿TeamsÀÄÓÃÇ÷ÏòÉÏÉý¡£ÎªÓ¦¶ÔÍþв£¬Î¢ÈíÐÂÔö±í²¿À´µçÖÒ¸æ±êʶºÍµÚÈý·½»úеÈË»áÒé´óÌüÕ½Êõ¡£×¨¼Ò½¨Òé¼ÓǿԱ¹¤°²È«ÒâʶÅàѵ£¬ÏÞ¶È±í²¿TeamsÁªÏµÈ¨ÏÞ£¬²¢¼à¿ØÒì³£Ô¶³Ì×ÀÃæÐÐΪ£¬ÓйØÈëÇÖÖ¸±êÒÑÔÚGitHub¹«¿ª¡£
https://www.bleepingcomputer.com/news/security/fake-it-support-calls-on-microsoft-teams-push-etherrat-malware/


¾©¹«Íø°²±¸11010802024551ºÅ