Another day, another cryptocurrency miner targeting users – This time, MacUpdate site has been hacked to drop cryptocurrency miner on Mac devices.
MacUpdate, a well-known software download, and aggregator platform, has become a victim of a hack attack and the service is now distributing cryptocurrency miners to Mac users, revealed SentinelOne’s security researcher Arnaud Abbati.
Dubbed CreativeUpdate trojan/miner, by Abbati, the malware is a dropper of the open source developer tool Platypus that downloads a miner from Adobe Creative Cloud servers – Whoever has downloaded links from February 1 to February 2, 2018, is currently at risk.
Cybercriminals apparently infiltrated the MacUpdate website to distribute the malware. They installed modified copies of the cryptomining apps OnyX, Firefox and Deeper and replaced the download links for each of these modified apps with links that led users to malicious domains. According to Thomas Reed from Malwarebytes, the fake domains show URLs that were already modified but looked legit and convincing to users.
OnyX and Deeper are developed by Titanium Software, which can be accessed at titanium-software.fr, but the link has been maliciously altered as titaniumsoftware.org to redirect users to download URLs from this unauthentic address. This new domain was registered on 23rd January but its owner is remained obscured. Conversely, the unauthentic Firefox app is being distributed through fake URL download-installer.cdn-mozilla.net instead of Mozilla.net.
What happens is that the user is requested to store the app into the Applications folder, which is a common requirement even with the original apps. The applications have been created by Platypus, a developer tool that produces full macOS apps from various scripts like Python or Shell scripts.
To read the original article: