In other words, the source code isn’t human-readable. This was because the malware used nested run-only AppleScript files to retrieve its malicious code across different stages.ĪppleScripts arrive in a compiled state. Incidentally, security researchers weren’t able to retrieve the malware’s entire code when they had sensed its activities back in 2018. Red Siege Information Security January 12, 2021
YEARS USED RUNONLY APPLESCRIPTS AVOID DETECTION SOFTWARE
Named OSAMiner, the malware has been distributed in the wild since at least 2015 disguised in pirated (cracked) games and software such as League of Legends and Microsoft Office for Mac. From what data we have it appears to be mostly targeted at Chinese/Asia-Pacific communities.” “OSAMiner has been active for a long time and has evolved in recent months.
The distribution is active since at least 2015, indicated security firm SentinelOne in a report published this week. SentinelOne's analyses the OSAMiner macOS cryptocurrency-mining malware that, thanks to its use of run-only AppleScripts, stayed under the radar for a long time also open sources the AEVT decompiler tool /TqIAl8QcmrĪccording to security researchers, the OSAMiner malware was distributed inside pirated (cracked) games and software such as League of Legends and Microsoft Office for Mac. The creators of the malware used processes that were specifically designed to evade detection and analysis by security researchers. The OSAMiner hijacked the hardware resources of infected users to mine cryptocurrency.
0 kommentar(er)
