Cryptocurrency users on Discord & Slack hit by MacOS malware

Haythem Elmir

Hackers are using a new macOS malware aimed at cryptocurrency investors on Discord and Slack group chat communities.

The malware was initially discovered by IT security expert Remco Verhoef and later analyzed by Patrick Wardle, a former NSA white-hat hacker and malware researcher.

Dubbed OSX.Dummy, the malware is spread by attackers who impersonate admins or key people in chat groups. According to Verhoef, small snippets of terminal commands are shared in the chats; running them downloads and executes a malicious binary that gives the OSX.Dummy operators remote access to the device by connecting it to a command and control (C&C) server.

“If the connection to the attacker’s C&C server succeeds, the attacker will be able to arbitrarily execute commands (as root!) on the infected system,” noted Wardle.

Wardle further noted that the malicious binary is not signed, which means Gatekeeper would normally block it; the attackers get around this by tricking users into downloading and running the binary directly through terminal commands.

“Normally such a binary would be blocked by Gatekeeper. However, if users are downloading and running a binary directly via terminal commands, Gatekeeper does not come into play and thus the unsigned binary will be allowed to execute,” Wardle said. “I guess the takeaway here is (yet again) the built-in macOS malware mitigations should never be viewed as a panacea.”

“I’m calling it OSX.Dummy as: the infection method is dumb, the massive size of the binary is dumb, the persistence mechanism is lame (and thus also dumb), the capabilities are rather limited (and thus rather dumb), it’s trivial to detect at every step (that’s dumb) …and finally, OSX.Dummy saves the user’s password to dumpdummy,” Wardle wrote.

Although the malware is called Dummy, cryptocurrency investors on Mac should be careful and refrain from downloading and executing files shared on third-party platforms, especially in Discord and Slack group chat communities.

This is not the first time cryptocurrency users on Mac have been targeted by malware. In May this year, a cryptojacking malware called mshelper was found targeting Mac devices.

