Red Siege Information Security, January 12, 2021

An AppleScript feature designed to compress scripts into pre-compiled form has allowed bad actors to evade security researchers for years. This cryptominer Trojan spread unchecked for some five years. So-called run-only scripts (what we might today call "bytecode") are poorly documented and difficult to analyze, so it is hard to extract indicators of compromise from malware obfuscated by them.

What can DevOps learn from this? In this week's Security Blogwatch, we learn lessons (not "learnings"). Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: What everyone really wants.

What's the craic? Ionut Ilascu reports, in "Mac malware uses 'run-only' AppleScripts to evade analysis":

A cryptocurrency mining campaign … is using malware that has evolved into a complex variant giving researchers a lot of trouble analyzing it. Has been in the wild since at least 2015. Yet analyzing it is difficult because … it embeds a run-only AppleScript into another script and uses URLs in public web pages to download the actual … payloads. Run-only AppleScript … makes decompiling them into source code a tall order. … Security researchers at SentinelOne … were able to reverse engineer some samples they collected by using a lesser-known AppleScript disassembler (Jinmo's applescript-disassembler) and a decompiler tool developed internally.

And Catalin Cimpanu adds, in "macOS malware used run-only AppleScripts to avoid detection for five years":

A sneaky malware operation … used a clever trick to avoid detection and hijacked the hardware resources of infected users to mine cryptocurrency behind their backs. Named OSAMiner, the malware has been distributed in the wild since at least 2015 disguised in pirated (cracked) games and software such as League of Legends and Microsoft Office for Mac. "OSAMiner has been active for a long time and has evolved in recent months," a SentinelOne spokesperson … "From what data we have it appears to be mostly targeted at Chinese/Asia-Pacific communities."

The distribution has been active since at least 2015, security firm SentinelOne indicated in a report published this week.

Incidentally, security researchers were not able to retrieve the malware's entire code when they first noticed its activity back in 2018. This was because the malware used nested run-only AppleScript files to retrieve its malicious code across different stages.

Run-only AppleScripts arrive in a compiled state. In other words, the source code isn't human-readable. Although intended as a security measure, this makes analysis a lot harder for external or third-party security researchers.

How did the malware infect and spread on an Apple macOS computer?

As mentioned earlier, the OSAMiner malware creators depended heavily on the distribution, download, and widespread use of illegally obtained and cracked software.