Golang Variant of Cobalt Strike 'Geacon' Targets macOS

20 May 2023
There is a growing trend in utilizing Geacon (a Golang implementation of the Cobalt Strike beacon), to target macOS devices, revealed SentinelOne. The package appeared specifically crafted to first verify its execution on a macOS system and subsequently retrieve an unsigned 'Geacon Plus' payload from a C2 server in China.