![]() The silver lining is that experts at SentineLabs have found a way to overcome this obstacle. ![]() It’s all about the use of run-only AppleScripts, a mechanism that makes it extremely problematic to reverse-engineer code because it’s deeply compiled and isn’t human-readable. Whereas these are vanilla hallmarks seen across the mainstream cryptominer environment, one characteristic makes OSAMiner stand out from the crowd. ![]() Having infiltrated a macOS computer, it gobbles up CPU resources, causes the system to freeze, and keeps victims from opening the Activity Monitor. It has been primarily doing the rounds via booby-trapped copies of pirated applications that run the gamut from popular video games to the Mac edition of the Microsoft Office suite. OSAMiner – a mysterious strain with obfuscation at its coreĪccording to a number of earlier reports by Chinese researchers, the cryptominer under scrutiny debuted in 2015. These latest insights into the pest’s modus operandi showed that it had taken a significant evolutionary leap in the past few months. This quirk had prevented security experts from reversing the code until January 2021, when SentinelOne made a breakthrough in disassembling and decompiling the malware. The announcement follows the CBL-Mariner project announcement from last year.Its uniqueness stems from the use of what’s called run-only AppleScript files to download and execute the dodgy components. Recent news Microsoft makes Azure Linux generally available Red Hat presented some much-needed innovation for Ansible at its summit in Boston. Red Hat makes Ansible Event-Driven and adds generative AI chatbot Microsoft wants Copilot everywhere, including in Windows 11Īt its annual Build developer conference in Seattle, Microsoft is making a series of announcements. Microsoft Build: overview, convenience and security for developersĪt Microsoft Build, Microsoft is unveiling a number of new developments that should make developers' lives ea. Logitech serves the post-Covid workplace with expansions to its B2B ecosystemĪ conferencing camera, a laptop dock and a flex workspace management solution: the connection between Logitec. We often hear these voices emanating fro. Reports about the potential dangers of AI are coming thick and fast. The hope for this team of researchers is that they can crack the mystery around this clever malware.Īre Google and OpenAI the right partners to regulate AI? Phil Stokes, a macOS malware researcher at SentinelOne, published the attack’s full-chain with past and present OSAMiner campaigns and IOCs (Indicators of Compromise). It would then download and run a second run-only AppleScript and then run another third/final one.īecause the run-only AppleScript is received in a compiled state (the source code is not readable by humans), security researchers’ analysis was not easy. When the users installed their pirated software, the disguised installers would download and run a run-only AppleScript. It used nested run-only AppleScript files to retrieve its malicious code across different stages at the time. The reason was that the researchers were unable to retrieve the malware’s full code. ![]() However, the reports written after this were not very detailed and did not capture the full extent of OSAMiner’s capabilities. Back in 2018 August and September, two Chinese security firms analyzed an older version of the Malware. However, the crypto miner did not completely avoid detection. Not too invisibleįrom the data collected, it seems that it attacked people in Chinese and Asian Pacific communities mostly. OSAMiner has been active for a while and has evolved in recent times, according to a SentinelOne spokesperson. According to SentinelOne, a security firm, which published a report this week. It is disguised in pirated (cracked) games and software like League of Legends and Microsoft Office for Mac. The malware has been distributed in the wild since at least 2015 and has been named OSAMiner. In the last five years (perhaps more), macOS users have been targeted by a sneaky malware operation, which used a clever trick, making it virtually invisible, while hijacking hardware resources on infected machines to mine cryptocurrency.
0 Comments
Leave a Reply. |