OSAMiner, which has been active since 2015, has been distributed through hacked video games, such as League of Legends, as well as compromised versions of software packages, including Microsoft Office for macOS, Sentinel Labs says. The malware now uses multiple versions of AppleScript, a scripting language used on macOS devices, to support obfuscation. OSAMiner's operators released the latest version of the cryptominer in 2020, but researchers only recently discovered the enhancements, according to the researchers' report.

"In late 2020, we discovered that the malware authors, presumably building on their earlier success in evading full analysis, had continued to develop and evolve their techniques," says Phil Stokes, a threat researcher at Sentinel Labs. "Recent versions of macOS.OSAMiner add greater complexity by embedding one run-only AppleScript inside another, further complicating the already difficult process of analysis."

Security Evasion

OSAMiner uses run-only AppleScripts to make reverse-engineering of its code difficult, the researchers say. To decompile the malicious scripts, Sentinel Labs researchers had to use a relatively little-known AppleScript-disassembler project and a custom tool developed by the security firm. Once those embedded scripts were decompiled, the researchers determined the malware uses four methods to execute the run-only AppleScript:

- A script to ensure persistence for the parent script.
- A parent script for gathering the device serial number and for killing all the running processes on the device.
- A script that downloads and sets up XMR-STAK-RX, a free, open-source Monero RandomX miner software package.
- An anti-analysis AppleScript to perform evasion tasks against certain consumer-level monitoring and cleanup tools.

The Sentinel Labs team also found the malware authors had embedded additional characters to obfuscate its processes. The researchers say that once the malware has compromised a macOS device, it will seek to kill several processes, including Activity Monitor, which prevents the user from inspecting resource usage.

Other security researchers have reported attacks targeting macOS devices to plant cryptominers or other types of malware. Earlier this month, researchers at Intezer Labs uncovered a campaign using a remote access Trojan dubbed ElectroRAT that had been stealing cryptocurrency from digital wallets on Windows, Linux and macOS platforms (see: ElectroRAT Malware Targets Cryptocurrency Wallets).

In December, researchers at Trend Micro uncovered a macOS backdoor variant linked to an advanced persistent threat group operating from Vietnam. The malware used an updated backdoor and multistage payloads as well as anti-detection techniques to help bypass security tools (see: Fresh MacOS Backdoor Variant Linked to Vietnamese Hackers).

In July 2020, the security firm ESET reported a group of spoofed cryptocurrency trading apps was targeting devices running macOS to install malware called Gmera (see: Malicious Cryptocurrency Trading Apps Target MacOS Users).

How to avoid malware

Malware is one of the most common hazards to your computer when you're online, but it's easy to avoid. Developing safe and smart browsing habits can protect you from malware and other threats, like viruses. Securing your computer and learning how to identify and avoid suspicious links are the fundamentals of safe browsing habits.

Limiting your computer's vulnerability to malware is a crucial safe browsing habit. You can protect your computer by running antivirus and antimalware software like Bitdefender or Norton. These programs can block malware from being installed and can remove it if it does get onto your computer. Even if you don't see signs of malware on your computer, running regular scans can catch any malware that has escaped notice.

Many malware programs take advantage of security flaws in Windows and other software. Keeping your OS, browser, and other programs updated is an important step in protecting your computer. The security patches in these updates make your computer immune to many threats.

Pop-up windows frequently contain malware or attempt to lead you to a less secure site. Ads can look like messages saying you have won a prize and instructing you to click to claim it. Most reputable sites don't use pop-up windows, and many browsers block pop-up windows by default.