SYMBOLCOMMON_NAMEaka. SYNONYMS
osx.simpletea (Back to overview)

SimpleTea

Actor(s): Lazarus Group

SimpleTea is a RAT for macOS that is based on the same object-oriented project as SimpleTea for Linux (SimplexTea).

It also shares similarities with POOLRAT (also known as SIMPLESEA), like the supported commands or a single-byte XOR encryption of its configuration. However, the indices of commands are different.

SimpleTea for macOS was uploaded to VirusTotal from Hong Kong and China in September 2023.

References
2023-10-26ESET ResearchESET Research
ESET APT Activity Report Q2–Q3 2023
SimpleTea

There is no Yara-Signature yet.