![]() Due to the difficulty in reversing run-only AppleScripts, this technique helped it to hide its activity. OSAMiner was novel primarily for its extensive use of multiple, run-only AppleScripts. Uses a Launch Agent for persistence ( T1543.001)Īlso in January, SentinelLabs reported on OSAMiner, part of a campaign that had been in existence in various forms for at least five years and which appears to target primarily Chinese and Asian Mac users by installing a hidden Monero crypto miner.Attempts to hide as a system process ( T1564.001).Uses trojanized Crypto Trading applications.Cross-platform RAT malware written in Go.Applications/eTrader.app/Contents/Utils/mdworker Persistence is via a property list in the user’s LaunchAgents folder. The malicious mdworker binary is copied from the trojan bundle and written as a hidden file in the user’s home folder. The name was carefully chosen: “mdworker” is also the name of a legitimate system binary that powers the Mac’s Spotlight search functionality. The aim was to get cryptocurrency users to install a trojanized application for trading and managing cryptocurrency.Īll versions were built using Electron, and once the trojan app is installed and launched, a malicious background process called “mdworker” functions as the RAT, capable of keylogging, taking screenshots, executing shell commands, and uploading and downloading files. This was the first of an increasingly common-trend throughout 2021: cross-platform malware written in Go targeting macOS, Linux and Windows operating systems. In January 2021, Intezer reported on Operation ElectroRAT, a campaign that had been running throughout 2020 targeting cryptocurrency users. Top 10 In-the-Wild macOS Malware Discoveries 2021 ![]() Let’s take a look at what was unique for each one and the main points that defenders need to be aware of. In 2021 to-date, there have been ten new reported malware discoveries. While commodity adware is by far the most prevalent threat on macOS, most new malware families that emerged in 2021 focused on espionage and data theft.A continued reliance on using LaunchAgents as the primary persistence mechanism.An increasing interest in targeting macOS users in the East (China and Asia).A drive towards attacks on developers and other ‘high-value’ targets.macOS targeted in more cross-platform malware campaigns, with malware written in Go, Kotlin and Python observed.Summary of Key Trends Emerging During 2021Īs we will describe below, several things stand out about macOS malware in 2021. At the end of the post, we draw out the main lessons Mac admins and security teams can learn from this year’s crop of macOS malware to help them better protect their Mac fleets going into 2022. On top of that, you’ll find a breakdown of the essential behavior of each threat and links to deeper technical analyses. In particular, we hone in on what is unique about each malware discovery, who it targets and what its objectives are. As we approach the end of 2021, we take a look at the year’s main malware discoveries targeting the macOS platform with an emphasis on highlighting the changing tactics, techniques and procedures being employed by threat actors.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |