u/Few-Calligrapher2797

▲ 26 r/Malware+3 crossposts

A newly analyzed Go-based macOS remote access trojan (RAT), internally named Minirat, has surfaced in the wild using anti-VM checks, LaunchAgent persistence, and AES-encrypted command and control (C2) configuration to maintain stealthy, long-term access on victim endpoints. According to SafeDep, the initial infection vector was a malicious npm package (velora-dex-sdk) that dropped the Go-based macOS RAT onto developer endpoints.

Attacks deployed through NPM are becoming a larger threat vector targeting macOS devices. The myth of Mac being safe is no longer the case.

u/Few-Calligrapher2797 — 24 days ago