Macma

Description

(Symantec) Macma is a macOS backdoor that was first documented by Google in 2021 but appears to have been used since at least 2019. At the time of discovery, it was being distributed in watering hole attacks involving compromised websites in Hong Kong. The watering holes contained exploits for iOS and macOS devices. Users of macOS devices were targeted with a privilege escalation vulnerability (CVE-2021-30869) which allowed the attackers to install Macma on vulnerable systems.

Macma is a modular backdoor. Functionality includes:

  • Device fingerprinting
  • Executing commands
  • Screen capture
  • Keylogging
  • Audio capture
  • Uploading and downloading files

Names

  • Macma
  • MacMa
  • CDDS
  • OSX.CDDS
  • DazzleSpy

Category

Malware

Type

  • Backdoor
  • Info stealer
  • Credential stealer
  • Exfiltration

Information

Mitre Attack

Malpedia

Other Information

Uuid

069c86ae-99de-4486-a5c4-fa3616d2a2a4

Last Card Change

2025-06-28