nerocraft.blogg.se

Macos malware runonly to avoid for

Following on from our introduction to Cryptojacking, let’s take a closer look at the current situation on the macOS platform. It’s been a busy 12 months, with macOS researchers from SentinelOne, Malwarebytes and Digital Security all contributing to the discovery of a variety of Cryptojacking software on the platform. Even Apple’s App Store got involved, hosting an app that was surreptitiously mining cryptocurrency, as did malware researchers from China, proving that both malware and malware hunters truly know no borders. Here’s a brief timeline of the major events we’ve seen so far.

OSX.CPUMeaner was first analyzed by a SentinelOne researcher in November 2017. That was the second Cryptominer to be unearthed in 2017 by the same SentinelOne researcher.

Next came “CreativeUpdate”, so named after it was found being distributed by a popular 3rd party distribution network in early 2018. In one of its forms, this trojan presented itself as a fake version of Firefox. The malware actually wraps and executes a real version of the Firefox browser, which will even update itself inside the malware wrapper. In the bundle listing, the executable (highlighted in red in the original screenshot) is the malware, and the path to the real Firefox (highlighted in green) sits inside the malware’s Resources folder. That means that while the running version of Firefox will appear to the user as up-to-date in the About menu, the Finder only shows the older version named in the malware’s plist. While the real Firefox gets on with the user’s browsing tasks, the malware runs a script to download and install the Cryptominer and a persistence agent. CreativeUpdate was far from an isolated incident, with at least 23 older variants discovered through retro-hunts on VirusTotal.

Appearing in May 2018, OSX.ppminer was first spotted on Apple Support Communities. The launcher is intriguingly written in Go, or “Golang” as it is widely called, while the miner itself is an older version of XMRig written in C. The choice of Go for the launcher is odd. It may reflect the background of the author, who could perhaps have worked on blockchain technology such as Ethereum or Hyperledger, where Go is a popular choice due to its performance benefits. OSX.ppminer is detected by the SentinelOne agent pre-execution.

Chinese malware researchers brought to light a more recent threat in August 2018. Again the Cryptojackers targeted those looking for pirated software such as games like League of Legends and productivity tools like MS Office. Of course, all the Cryptominers mentioned above are detected and blocked by the SentinelOne agent.
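The “wrapper bundle” trick described in the CreativeUpdate section above (a trojan .app whose Info.plist names the malware as the main executable, with a genuine, self-updating Firefox.app tucked inside its own Resources folder) leaves a shape on disk that can be checked without running anything. The script below is an added example for this page, not code from the original article or from SentinelOne; it builds a constructed bundle layout in a temporary directory that imitates that shape (the bundle names, identifiers, version strings and executable contents are invented for the demo) and then flags what a triage pass would want to see: a nested .app bundle, a reused bundle identifier, a version mismatch between what Finder shows and what the running browser reports, and a main executable that is a script rather than a Mach-O binary.

```python
# Added example (not code from the original article): offline triage of a
# macOS .app bundle for the "wrapper" shape used by the fake-Firefox trojan.
# All bundle data below is constructed for the demo, not taken from a sample.
import os
import plistlib
import tempfile

MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # MH_MAGIC / MH_CIGAM (32-bit)
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # MH_MAGIC_64 / MH_CIGAM_64
    b"\xca\xfe\xba\xbe", b"\xbe\xba\xfe\xca",  # FAT_MAGIC / FAT_CIGAM (universal)
}


def read_info_plist(app_path):
    with open(os.path.join(app_path, "Contents", "Info.plist"), "rb") as f:
        return plistlib.load(f)


def main_executable(app_path, info):
    # CFBundleExecutable is what LaunchServices actually runs for this bundle.
    return os.path.join(app_path, "Contents", "MacOS", info.get("CFBundleExecutable", ""))


def is_macho(path):
    with open(path, "rb") as f:
        return f.read(4) in MACHO_MAGICS


def find_nested_apps(app_path):
    """Paths of .app bundles anywhere under Contents/ (a real browser has none)."""
    nested = []
    for root, dirs, _files in os.walk(os.path.join(app_path, "Contents")):
        for d in list(dirs):
            if d.endswith(".app"):
                nested.append(os.path.join(root, d))
                dirs.remove(d)  # report the inner bundle once; don't walk inside it
    return nested


def triage_bundle(app_path):
    """Return human-readable findings for the bundle; an empty list means nothing odd."""
    findings = []
    outer = read_info_plist(app_path)
    exe = main_executable(app_path, outer)
    if os.path.isfile(exe) and not is_macho(exe):
        findings.append("main executable is not Mach-O (script launcher?): "
                        + os.path.relpath(exe, app_path))
    for nested in find_nested_apps(app_path):
        findings.append("nested app bundle: " + os.path.relpath(nested, app_path))
        inner = read_info_plist(nested)
        if inner.get("CFBundleIdentifier") == outer.get("CFBundleIdentifier"):
            findings.append("nested bundle reuses outer bundle identifier "
                            + str(outer.get("CFBundleIdentifier")))
        ov = outer.get("CFBundleShortVersionString")
        iv = inner.get("CFBundleShortVersionString")
        if ov != iv:
            # Finder/Get Info reads the outer plist; the About box reads the running app.
            findings.append(f"version mismatch: Finder will show {ov}, running app reports {iv}")
    return findings


def write_bundle(path, info, exe_bytes):
    """Lay out a minimal Contents/{Info.plist,MacOS/<exe>,Resources} bundle skeleton."""
    os.makedirs(os.path.join(path, "Contents", "MacOS"))
    os.makedirs(os.path.join(path, "Contents", "Resources"))
    with open(os.path.join(path, "Contents", "Info.plist"), "wb") as f:
        plistlib.dump(info, f)
    with open(os.path.join(path, "Contents", "MacOS", info["CFBundleExecutable"]), "wb") as f:
        f.write(exe_bytes)


def build_wrapper_bundle(base):
    """Constructed wrapper: outer 'Firefox.app' is a script launcher hiding a real-looking Firefox.app."""
    outer = os.path.join(base, "Firefox.app")
    write_bundle(outer, {"CFBundleExecutable": "Firefox", "CFBundleIdentifier": "org.mozilla.firefox",
                         "CFBundleShortVersionString": "58.0.2"},  # invented version
                 b"#!/bin/sh\n# launcher: start the real browser, then fetch the miner\n")
    inner = os.path.join(outer, "Contents", "Resources", "Firefox.app")
    write_bundle(inner, {"CFBundleExecutable": "firefox", "CFBundleIdentifier": "org.mozilla.firefox",
                         "CFBundleShortVersionString": "62.0"},  # invented version
                 b"\xcf\xfa\xed\xfe" + b"\x00" * 28)  # fake Mach-O header bytes only
    return outer


def run_demo():
    with tempfile.TemporaryDirectory() as tmp:
        return triage_bundle(build_wrapper_bundle(tmp))


def run_clean_demo():
    """Control case: a plain bundle with a Mach-O main executable and nothing nested."""
    with tempfile.TemporaryDirectory() as tmp:
        app = os.path.join(tmp, "Plain.app")
        write_bundle(app, {"CFBundleExecutable": "Plain", "CFBundleIdentifier": "example.plain",
                           "CFBundleShortVersionString": "1.0"}, b"\xcf\xfa\xed\xfe" + b"\x00" * 28)
        return triage_bundle(app)


if __name__ == "__main__":
    for line in run_demo():
        print("[!]", line)
```

On a real Mac the same shape also shows up in code signing: the nested Firefox.app carries Mozilla’s signature, while the outer wrapper either is unsigned or is signed by someone else, so running `codesign -dv --verbose=4` against the outer bundle and then against the nested one tells the two apart immediately. The magic-byte check above is a hint, not a verdict; a wrapper can just as easily use a small Mach-O launcher, so treat any .app found inside another bundle’s Resources folder as the primary finding.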











