Threat Group Cards: A Threat Actor Encyclopedia

Archived: 2026-04-05 16:58:29 UTC

Tool: Macma

Names: Macma, MacMa, CDDS, OSX.CDDS, DazzleSpy

Category: Malware

Type: Backdoor, Info stealer, Credential stealer, Exfiltration

Description

(Symantec) Macma is a macOS backdoor that was first documented by Google in 2021 but appears to have been used since at least 2019. At the time of discovery, it was being distributed in watering hole attacks involving compromised websites in Hong Kong. The watering holes contained exploits for iOS and macOS devices. Users of macOS devices were targeted with a privilege escalation vulnerability (CVE-2021-30869) which allowed the attackers to install Macma on vulnerable systems.

Macma is a modular backdoor. Functionality includes:
• Device fingerprinting
• Executing commands
• Screen capture
• Keylogging
• Audio capture
• Uploading and downloading files

Information: MITRE ATT&CK, Malpedia

Last change to this tool card: 28 June 2025

All groups using tool Macma

Changed   Name              Country   Observed
APT groups
          Bronze Highland             2012-Jul 2024

1 group listed (1 APT, 0 other, 0 unknown)

Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=069c86ae-99de-4486-a5c4-fa3616d2a2a4