A Golang implementation of Cobalt Strike called Geacon is likely to garner the attention of threat actors looking to target Apple macOS systems.
The findings come from SentinelOne, which observed an uptick in the number of Geacon payloads appearing on VirusTotal in recent months.
“While some of these are likely red-team operations, others bear the characteristics of genuine malicious attacks,” security researchers Phil Stokes and Dinesh Devadoss said in a report.
Cobalt Strike is a well-known red teaming and adversary simulation tool developed by Fortra. Owing to its myriad post-exploitation capabilities, illegally cracked versions of the software have been abused by threat actors over the years.