← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
The Travels of “markopolo”: Self-Proclaimed Meeting Software Vortax Spreads Infostealers, Unveils Expansive Network of Malicious macOS Applications | Recorded Future
WHITE Armature_TIP 2025-02-22 Modified: 2025-03-24
114
IOCs
HIGH VOLUME
Recorded Future's Insikt Group has identified a widespread cyberattack campaign involving Vortax, a purported virtual meeting software, which spreads infostealers to steal information on users of macOS.
amosvortaxrecorded futureintelligenceinsikt groupstealcatomic macosstealerfuturemarkopoloinsiktmacosresearchtravelsvortax spreadsinfostealersnetworkmalicious macosdemomoskautargetjunecontact
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Recorded Future Insikt macOS
Indicators of Compromise (1 / 114 total)
All CVE domain FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL email hostname
TYPEINDICATORDESCRIPTIONCREATED
hostname vortax.ioandthenow-suspendedvortax.space 2025-02-22
References (2)
↗ https://www.recordedfuture.com/the-travels-of-markopolo-self-proclaimed-meeting-software-vortax-spreads-infostealers ↗ https://go.recordedfuture.com/hubfs/reports/cta-2024-0617.pdf