Thursday, January 21, 20:01

macOS malware evaded detection via run-only AppleScripts

According to the security company SentinelOne, macOS users have been the target of an insidious malware campaign for over five years. The campaign used a clever trick, run-only AppleScripts, to avoid detection, and aimed to mine cryptocurrency on the victims' macOS systems.


The researchers said that the malware used in the campaign is called OSAMiner and has been distributed since at least 2015 through pirated (cracked) games and software, such as League of Legends and Microsoft Office for Mac.

"OSAMiner has been active for a long time and has evolved in recent months," a SentinelOne representative told ZDNet.

"From the data that we have, it seems to target mainly communities in China and the Asia-Pacific region," the spokesman added.

Run-only AppleScripts to avoid detection

As mentioned above, the cryptominer has been distributed since at least 2015. However, according to SentinelOne, two Chinese security companies identified and analyzed earlier versions of OSAMiner in August and September 2018, respectively.

Their reports, however, were incomplete, as they covered only a few of OSAMiner's features. This was partly because the researchers were unable to retrieve the entire malware code at that time.

Once the pirated software is installed, the booby-trapped installers download and run a run-only AppleScript, which downloads and executes a second run-only AppleScript, which in turn runs a third.


Because a "run-only" AppleScript is saved in a form whose source code cannot be read by a human, analyzing the cryptominer is even more difficult.
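As an added triage example (not code from the article or from SentinelOne), the Python below walks a directory, identifies compiled AppleScripts by their "FasdUAS" header and uses Apple's osadecompile to separate scripts that still carry source from run-only ones that do not; the decompiler is injectable, so the logic can be exercised off macOS with a stand-in.

```python
"""Triage helper: find compiled AppleScripts on disk and flag run-only ones.

Assumptions (added example, not from the article): compiled AppleScript files
start with the 'FasdUAS' magic, and /usr/bin/osadecompile fails on run-only
scripts because no source text is stored in them.
"""
import os
import shutil
import subprocess
from typing import Callable, Dict, Optional

APPLESCRIPT_MAGIC = b"FasdUAS"  # header bytes of a compiled AppleScript (.scpt)


def is_compiled_applescript(head: bytes) -> bool:
    """True when the first bytes of a file look like a compiled AppleScript."""
    return head.startswith(APPLESCRIPT_MAGIC)


def osadecompile_source(path: str) -> Optional[str]:
    """Recover the source with osadecompile; None when it is not stored (run-only)."""
    if shutil.which("osadecompile") is None:
        raise RuntimeError("osadecompile not found; this helper needs macOS")
    proc = subprocess.run(["osadecompile", path], capture_output=True, text=True)
    return proc.stdout if proc.returncode == 0 else None


def classify_script(path: str, head: bytes,
                    decompile: Callable[[str], Optional[str]] = osadecompile_source) -> str:
    """Return 'not-applescript', 'run-only' or 'has-source' for one file."""
    if not is_compiled_applescript(head):
        return "not-applescript"
    return "has-source" if decompile(path) is not None else "run-only"


def scan_tree(root: str, decompile=osadecompile_source) -> Dict[str, str]:
    """Map every compiled AppleScript under root to its verdict; run-only hits
    are the ones an analyst cannot read and should pull for behavioural review."""
    report: Dict[str, str] = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(len(APPLESCRIPT_MAGIC))
            except OSError:
                continue  # unreadable or special file: skip it
            verdict = classify_script(path, head, decompile)
            if verdict != "not-applescript":
                report[path] = verdict
    return report
```

On a macOS host, `scan_tree("/Users")` with the default decompiler gives a quick inventory of every compiled script a user could not inspect by reading it.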

A SentinelOne researcher has published details of the attack, along with indicators of compromise (IOCs) for older and newer OSAMiner campaigns. The research team hopes that, by demystifying this campaign and publishing IOCs, other macOS security software providers will be able to detect OSAMiner attacks and protect macOS users.

"Run-only AppleScripts are surprisingly rare in the world of macOS malware, but both the duration (5 years) and the lack of attention to the OSAMiner campaign show just how effective run-only AppleScripts are at avoiding detection and analysis," the researcher concluded.

"In this case, we did not see the attacker use any of the more powerful AppleScript features we have discussed elsewhere. It is, however, a threat that remains potent because it cannot be handled by many defense tools."

Source: ZDNet
