Date: 2025-09-11

Malicious actors have targeted macOS systems with the CHILLYHELL backdoor, while Windows and Linux systems have been subjected to attacks with the ZynorRAT trojan, reports The Hacker News.

When executed, a newly discovered CHILLYHELL sample, which received Apple notarization four years ago, performs comprehensive host profiling and initializes command-and-control communication, then installs itself as a LaunchAgent or system LaunchDaemon for persistence, according to an analysis from Jamf Threat Labs researchers. Attackers could also use CHILLYHELL for further payload retrieval and brute-force intrusions.

"Between its multiple persistence mechanisms, ability to communicate over different protocols, and modular structure, ChillyHell is extraordinarily flexible," said Jamf.

Another study from Sysdig researchers showed the deployment of the Go-based ZynorRAT against Windows and Linux hosts, with both versions of the malware allowing directory enumeration, file exfiltration, system profiling, screenshot capture, and persistence.

"ZynorRAT's customization and automated controls underline the evolving sophistication of modern malware, even within their earliest stages," said Sysdig researcher Alessandra Rizzo.