To decompile the malicious scripts, Sentinel Labs researchers had to use a relatively lesser-known AppleScript-disassembler project and another custom tool developed by the security firm. Once those embedded scripts were decompiled, the researchers determined the malware uses four methods to execute the run-only AppleScript. The Sentinel Labs team also found that the malware authors had embedded additional characters to obfuscate its processes. The four components are:

- A script to ensure persistence for the parent script.
- A parent script for gathering the device serial number and for killing all the running processes on the device.
- An anti-analysis AppleScript that evades certain consumer-level monitoring and cleanup tools.
- A script that downloads and sets up XMR-STAK-RX, a free, open-source Monero RandomX miner software package.

The researchers say that once the malware has compromised a macOS device, it will seek to kill several processes, including Activity Monitor, which prevents the user from inspecting resource usage.

Other security researchers have reported attacks targeting macOS devices to plant cryptominers or other types of malware. Earlier this month, researchers at Intezer Labs uncovered a campaign using a remote access Trojan dubbed ElectroRAT that had been stealing cryptocurrency from digital wallets on Windows, Linux and macOS platforms (see: ElectroRAT Malware Targets Cryptocurrency Wallets). In December, researchers at Trend Micro uncovered a macOS backdoor variant linked to an advanced persistent threat group operating from Vietnam. The malware used an updated backdoor and multistage payloads as well as anti-detection techniques to help bypass security tools (see: Fresh MacOS Backdoor Variant Linked to Vietnamese Hackers).

In July 2020, the security firm ESET reported that a group of spoofed cryptocurrency trading apps was targeting devices running macOS to install malware called Gmera (see: Malicious Cryptocurrency Trading Apps Target MacOS Users).

As we await next week's Worldwide Developer Conference, we discuss what Apple may present. We also look at a clever method hackers are using to steal WhatsApp accounts, remind users to update Zoom, and examine why Apple has earned the third-highest gaming revenue in 2021.

Show Notes:

- iCloud Time Machine for Mac & new AirPort routers pop out of rumor mill - but hurdles abound
- Why Apple Is Missing the Boat on Home Wi-fi
- Gurman: Apple Preparing to Debut Enhanced Lock Screen, Windowing in iPadOS, Redesigned Mac Apps, and More at WWDC
- 'realityOS' Trademark Filing Hints at Possible WWDC Announcement
- Hackers steal WhatsApp accounts using call forwarding trick
- Messages Sent Through Zoom Can Expose People to Cyber-Attack
- Apple earned the third-most gaming revenue in 2021, outpacing Microsoft & Nintendo
- Apple injects ads into “ad-free” Apple Music playlists

Intego Mac Premium Bundle X9 is the ultimate protection and utility suite for your Mac.