As stated by internal Wine admins, “You can start your Windows application straight from your regular desktop environment, place that application's window side by side with native applications, copy/paste from one to the other, and run it all at full speed”. Wine provides a compatibility layer that allows Windows system calls to be run on a substitute operating system. Running DM (32-bit) on Linux and Mac OSX is accomplished with the use of Wine, an open-source application that allows Unix-like operating systems to execute programs written for Microsoft Windows. Researchers at Sentinel Labs have identified an updated version of OSAMiner, the cryptominer that targets the Mac operating system to mine Monero.Figure 1: Screenshot showing Digital Micrograph 2.01.694.0 on Mac OSX Lion (10.7.2). According to Sentinel Labs, OSAMiner has been active since 2015, spreading through compromised video games like League of Legends, and hacked versions of software packages such as Microsoft Office for macOS. The latest version of OSAMiner uses new techniques to evade detection. This malware now uses multiple versions of AppleScript, a scripting language used to automate macOS actions, to improve obfuscation. OSAMiner uses run-only AppleScripts to make it more difficult for its code to be reverse-engineered. In order to decompile the malware scripts, the researchers used a lesser-known AppleScript-dissembler project and a custom tool developed by Sentinel labs. The researchers discovered that the malware uses multiple methods to execute the run-only AppleScript. These methods include a script to ensure the parent script's persistence, a parent script to kill running processes in a device, an anti-analysis AppleScript to perform tasks in support of evasion, a script that downloads the XMR-STAK-RX RandomX miner, and more. This article continues to discuss new techniques used by the updated version of OSAMiner to prevent detection and other reports of attacks targeting macOS devices to plant cryptominers.In the last five years (perhaps more), macOS users have been targeted by a sneaky malware operation, which used a clever trick, making it virtually invisible, while hijacking hardware resources on infected machines to mine cryptocurrency. The malware has been distributed in the wild since at least 2015 and has been named OSAMiner. It is disguised in pirated (cracked) games and software like League of Legends and Microsoft Office for Mac. #MACOS MALWARE YEARS RUNONLY APPLESCRIPTS DETECTION SOFTWARE# According to SentinelOne, a security firm, which published a report this week. OSAMiner has been active for a while and has evolved in recent times, according to a SentinelOne spokesperson. Not too invisibleįrom the data collected, it seems that it attacked people in Chinese and Asian Pacific communities mostly. However, the crypto miner did not completely avoid detection. Back in 2018 August and September, two Chinese security firms analyzed an older version of the Malware. However, the reports written after this were not very detailed and did not capture the full extent of OSAMiner’s capabilities. The reason was that the researchers were unable to retrieve the malware’s full code. #MACOS MALWARE YEARS RUNONLY APPLESCRIPTS DETECTION FULL# It used nested run-only AppleScript files to retrieve its malicious code across different stages at the time. When the users installed their pirated software, the disguised installers would download and run a run-only AppleScript. It would then download and run a second run-only AppleScript and then run another third/final one.īecause the run-only AppleScript is received in a compiled state (the source code is not readable by humans), security researchers’ analysis was not easy. #MACOS MALWARE YEARS RUNONLY APPLESCRIPTS DETECTION CODE# Phil Stokes, a macOS malware researcher at SentinelOne, published the attack’s full-chain with past and present OSAMiner campaigns and IOCs (Indicators of Compromise). The hope for this team of researchers is that they can crack the mystery around this clever malware. #MACOS MALWARE YEARS RUNONLY APPLESCRIPTS DETECTION CODE#.#MACOS MALWARE YEARS RUNONLY APPLESCRIPTS DETECTION SOFTWARE#.#MACOS MALWARE YEARS RUNONLY APPLESCRIPTS DETECTION FULL#.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |