Kandji Blog

PasivRobber: Chinese Spyware or Security Tool?
Threat Intelligence

On March 13, 2025, our team found a suspicious Mach-O file on VirusTotal named wsus. After our initial analysis of this file and the package that installed it, we discovered over 20 related binaries used to capture data from macOS systems and applications, including WeChat, QQ, web browsers, email, etc. This multi-binary suite indicates a deep understanding of macOS and of the targeted applications. The software's targeted applications and other observed network connections strongly indicate both a Chinese origin and target user base…

Nick Zolotko, Christopher Lopez, & Adam Kohler
Apr 14, 2025
36 min read
