macOS users are targeted with multiple versions of the ReaderUpdate malware written in Crystal, Nim, Rust, and Go programming languages.
March 26, 2025 By Ionut Arghire
The threat actors behind the macOS malware loader known as ReaderUpdate have built new versions of the threat using the Crystal, Nim, Rust, and Go programming languages, SentinelOne reports.
Initially observed in 2020, when it was distributed as a compiled Python binary, the malware has been communicating with a command-and-control (C&C) server at www[.]entryway[.]world, and was seen deploying a payload identified as the Genieo (aka Dolittle and MaxOfferDeal) adware.
Since mid-2024, newer domains were associated with the Crystal, Nim, and Rust variants of ReaderUpdate, but the payload has not been changed, SentinelOne says. The Go variant the cybersecurity firm recently identified follows the same pattern.