FIN7 APT groups targeting financial organizations or people with significant financial assets. The group has been active and threat group is characterized by their persistent targeting and large-scale theft of payment card data from victim systems. But FIN7’s financial operations were not limited to card data theft. In some instances, when they encountered and could not obtain payment card data from point of sale (POS) systems, FIN7 pivoted to target finance departments within their victim organizations. This time, FIN7 has returned with a spyware targeting MacOS users with a a python script text executable targeted to get username and password. The group has specifically targeted MacOS users in search of credentials.
Exposure of data