Calisto, a Precursor to Dangerous Proton macOS Malware

Calisto stayed off the radar of antivirus solutions for years. The malware was first uploaded to VirusTotal in 2016 and remained undetected until May 2018.

Calisto's installation file is an unsigned DMG image that poses as Intego's security solution for Mac, a leading Mac security and antivirus product.

The threat actors made the macOS malware look convincing; only a user who has already installed the genuine app would be able to spot the difference.

Security researchers have discovered a precursor of the notorious Proton macOS malware. This supposed precursor appears to have been developed back in 2016, a year before Proton, and uploaded on VirusTotal, where it remained undetected for nearly two years until May 2018, when Kaspersky researchers stumbled upon it.

Researchers who analyzed the malware used the term “raw” to describe its code and capabilities.

It was clear in their analysis that the malware was still under development and did not have the same capabilities as the Proton remote access trojan.

Proton malware used in high profile hacks

Proton became a household name in the infosec community in March 2017 when threat intelligence analysts from Sixgill found it being sold on an underground hacking forum for steep prices ranging from $1,200 to $820,000.

Two months later, Proton was seen in the wild for the first time when someone hacked the website of the HandBrake app and poisoned the official app with the malware.

Proton precursor is named Calisto

At the technical level, Proton is considered a remote access trojan (RAT) that can grant attackers full access over a computer. Such features were also found in this precursor malware, which Kaspersky nicknamed Calisto.

According to researchers, Calisto, too, can enable remote logins into infected Macs, enable screen sharing, gain persistence, add a secret root account to a victim’s workstation, and collect files and send them to a remote C&C server.

The data Calisto collects and exfiltrates includes keychain content, credentials captured from the user login/password window, network connection information, and Chrome history, bookmarks, and cookies.

SIP can stop Calisto

The most glaring issue was that its creators appear to have developed Calisto before Apple rolled out its SIP (System Integrity Protection) security feature that prevents users/malware from tampering with critical files, even if they have an admin password.

“Calisto was developed in 2016 or earlier, and it seems that its creators simply didn’t take into account the then-new technology,” researchers said.

Because of this, SIP can easily stop Calisto dead in its tracks when the malware runs on modern macOS versions.

Most Mac users, unless they turn off SIP, should be safe from this threat. Furthermore, Calisto also appears to have been abandoned by its creators and hence poses less risk than its more dangerous offspring, the Proton RAT.
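As an added example (not from the article or from Kaspersky's report), the following POSIX shell helpers parse the output of the macOS tools an administrator would run to check for the conditions described above: SIP status, Remote Login being switched on, and an extra UID-0 account of the kind Calisto adds. The command names are real macOS tools; the sample outputs and the account name `svcaccount` are constructed so the script runs offline.

```shell
#!/bin/sh
# Audit helpers (added example, not the article's code). Each function reads
# command output on stdin so it can be exercised with constructed samples;
# on a real Mac, pipe in the live command named in the comment.

# csrutil status  -> prints "enabled" or "disabled"
sip_state() {
  sed -n 's/.*Integrity Protection status: *\([a-z]*\).*/\1/p'
}

# systemsetup -getremotelogin  -> prints "On" or "Off"
remote_login_state() {
  sed -n 's/^Remote Login: *//p'
}

# dscl . -list /Users UniqueID  -> prints any UID-0 account other than root
extra_uid0_accounts() {
  awk '$2 == 0 && $1 != "root" { print $1 }'
}

# Constructed sample output, as it might look on a machine where a hidden
# UID-0 account ("svcaccount", a placeholder name) has been added and
# Remote Login has been switched on.
SAMPLE_CSRUTIL='System Integrity Protection status: enabled.'
SAMPLE_REMOTE='Remote Login: On'
SAMPLE_DSCL='_mbsetupuser 248
nobody -2
root 0
daemon 1
svcaccount 0
alice 501'

# Runs all three checks over the samples and returns a one-line summary.
audit_sample() {
  sip=$(printf '%s\n' "$SAMPLE_CSRUTIL" | sip_state)
  rl=$(printf '%s\n' "$SAMPLE_REMOTE" | remote_login_state)
  rogue=$(printf '%s\n' "$SAMPLE_DSCL" | extra_uid0_accounts)
  printf 'SIP=%s RemoteLogin=%s ExtraUID0=%s\n' "$sip" "$rl" "${rogue:-none}"
}

audit_sample
```

On a live system, replace the samples with `csrutil status | sip_state`, `systemsetup -getremotelogin | remote_login_state` and `dscl . -list /Users UniqueID | extra_uid0_accounts`; any output from the last one, or "disabled" from the first, deserves investigation.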
