To keep yourself safe from such malware, make sure that you only download apps from trustworthy sources. Now that OSAMiner has been detected and its complex architecture has been reverse engineered, this work will help other researchers find other hidden "run-only" AppleScript malware.

In the event that other threat actors begin picking up on the utility of leveraging run-only AppleScripts, we hope this research and the tools discussed above will prove to be of use to analysts. In this case, we have not seen the actor use any of the more powerful features of AppleScript that we've discussed elsewhere, but that is an attack vector that remains wide open and which many defensive tools are not equipped to handle. Run-only AppleScripts are surprisingly rare in the macOS malware world, but both the longevity of and the lack of attention to the macOS.OSAMiner campaign, which has likely been running for at least 5 years, shows exactly how powerful run-only AppleScripts can be for evasion and anti-analysis.

SentinelOne noted that run-only AppleScripts are rarely used for macOS malware, but OSAMiner showed that they are incredibly powerful for malicious intent and can be used to remain hidden from detection. The purveyors of such arguments typically make a big deal of trying to undermine any argument that security is an issue on macOS by claiming that malware on.

These "run-only" AppleScripts made it easier for OSAMiner to avoid detection over the years. When users downloaded the affected apps, an AppleScript would be downloaded which would run a second AppleScript, which would, in turn, download the third AppleScript. The malware has also evolved recently and has primarily targeted users in China and the Asia-Pacific region.

OSAMiner has been active since 2015, secretly mining cryptocurrency on affected Macs. A cryptocurrency mining campaign targeting macOS is using malware that has evolved into a complex variant that is giving researchers a lot of trouble analyzing it. Named OSAMiner, the malware has been distributed in the wild since at least. Mac malware uses run-only AppleScripts to evade analysis.

And Catalin Cimpanu adds, in "macOS malware used run-only AppleScripts to avoid detection for five years": A sneaky malware operation used a clever trick to avoid detection and hijacked the hardware resources of infected users to mine cryptocurrency behind their backs.