Since "run-only" AppleScript come in a compiled state where the source code isn't human-readable, this made analysis harder for security researchers. macOS has many features that help protect your Mac and your personal information from malicious software, or malware. This updated file in particular is designed to help OSAMiner avoid detection. As users installed the pirated software, the boobytrapped installers would download and run a run-only AppleScript, which would download and run a second run-only AppleScript, and then another final third run-only AppleScript. The hook mapping configures which hook from the repository is used and allows for customization. OSAMiner is a well-known OS X and macOS cryptomining Trojan that has been. The primary reason was that security researchers weren't able to retrieve the malware's entire code at the time, which used nested run-only AppleScript files to retrieve its malicious code across different stages. But their reports only scratched the surface of what OSAMiner was capable of, SentinelOne macOS malware researcher Phil Stokes said yesterday. SentinelOne said that two Chinese security firms spotted and analyzed older versions of the OSAMiner in August and September 2018, respectively. But the cryptominer did not go entirely unnoticed. Named OSAMiner, the malware has been distributed in the wild since at least 2015 disguised in pirated (cracked) games and software such as League of Legends and Microsoft Office for Mac, security firm SentinelOne said in a report published this week. has been in the wild since at least 2015. Yet analyzing it is difficult because it embeds a run-only AppleScript into another script and uses URLs in public web pages to download the actual payloads. An anonymous reader quotes a report from ZDNet: For more than five years, macOS users have been the targets of a sneaky malware operation that used a clever trick to avoid detection and hijacked the hardware resources of infected users to mine cryptocurrency behind their backs. macos malware runonly avoid detection for code Run-only AppleScript makes decompiling them into source code a tall order.
0 Comments
Leave a Reply. |