MacUpdate Hacked to Distribute Mac Cryptocurrency Miner

Haythem Elmir

Another day, another cryptocurrency miner targeting users – This time, MacUpdate site has been hacked to drop cryptocurrency miner on Mac devices.

MacUpdate, a well-known software download, and aggregator platform, has become a victim of a hack attack and the service is now distributing cryptocurrency miners to Mac users, revealed SentinelOne’s security researcher Arnaud Abbati.

Dubbed CreativeUpdate trojan/miner, by Abbati, the malware is a dropper of the open source developer tool Platypus that downloads a miner from Adobe Creative Cloud servers – Whoever has downloaded links from February 1 to February 2, 2018, is currently at risk.

Cybercriminals apparently infiltrated the MacUpdate website to distribute the malware. They installed modified copies of the cryptomining apps OnyX, Firefox and Deeper and replaced the download links for each of these modified apps with links that led users to malicious domains. According to Thomas Reed from Malwarebytes, the fake domains show URLs that were already modified but looked legit and convincing to users.

OnyX and Deeper are developed by Titanium Software, which can be accessed at, but the link has been maliciously altered as to redirect users to download URLs from this unauthentic address. This new domain was registered on 23rd January but its owner is remained obscured. Conversely, the unauthentic Firefox app is being distributed through fake URL instead of

What happens is that the user is requested to store the app into the Applications folder, which is a common requirement even with the original apps. The applications have been created by Platypus, a developer tool that produces full macOS apps from various scripts like Python or Shell scripts.

To read the original article:


Laisser un commentaire

Next Post

Joomla! 3.8.3: Privilege Escalation via SQL Injection

Joomla! is one of the biggest players in the market of content management systems. Its easy installation, usage, and extensibility make it the second most used CMS on the web next to WordPress1. Last year, our PHP static code analysis solution unveiled a rare LDAP injection vulnerability within the 500,000 […]