Tag Archive for: Targets

Really dumb hack targets terminally stupid Mac owners

Someone impersonating administrators of cryptocurrency-related discussion channels on Slack, Discord, and other social messaging platforms has been attempting to lure others into installing macOS malw…

Really dumb malware targets cryptocurrency fans using Macs

Someone impersonating administrators of cryptocurrency-related discussion channels on Slack, Discord, and other social messaging platforms has been attempting to lure others into installing macOS malware. The social-engineering campaign consists of posting a script in discussions and encouraging people to copy and paste that script into a Terminal window on their Macs. The command downloads a huge (34 megabyte) file and executes it, establishing a remote connection that acts as a backdoor for the attacker.

Patrick Wardle, a Mac malware expert, also examined the malware and dubbed it “OSX.Dummy” because, as he wrote:

  • the infection method is dumb
  • the massive size of the binary is dumb
  • the persistence mechanism is lame (and thus also dumb)
  • the capabilities are rather limited (and thus rather dumb)
  • it’s trivial to detect at every step (that dumb)
  • … and finally, the malware saves the user’s password to dumpdummy

The attack, first noted by Remco Verhoef of SANS today, downloads its awkward payload from a remote server, makes that file executable, and runs it. It looks something like this:

Biz & IT – Ars Technica

Mac Security Troubles: New Malware Targets Cryptocurrency Users

One worry, however, is the saving of your Mac password in plaintext … “We don’t yet know exactly what the hackers behind the malware may intend to do with access to the …

Rowhammer Variant ‘RAMpage’ Targets Android Devices All Over Again

The attack allows malicious applications to break out of their sandbox and access the entire operating system, giving an adversary complete control of the targeted device.
Threatpost | The first stop for security news