Another Mac Malware is Targeting Cryptocurrency Miners
Cybercriminals are now using cryptocurrency-related forums as a medium to spread malware to unsuspecting users.
According to a report by Remco Verhoef, founder of DutchSec, criminals are posing as admins or moderators on cryptocurrency channels, posting messages that recommend users type a long command into Terminal, said to help with a number of problems.
The new malware, dubbed OSX.Dummy, targets careless miners who are running OSX and creates a backdoor to their system, most likely to steal crypto funds.
The report notes that the malware is being downloaded by unsuspecting users who, a bit naively, run code given to them on various cryptocurrency online forums by black hat hackers posing as administrators. Upon running the code, their system would then download and install a 34-megabyte file that would effectively open a backdoor to their operation.
The malware has been labeled as “dumb” because it is crude in its implementation every step of the way. The infection method requires a user to run remote code, the file is conspicuously large, and it creates clear-text files on the system that store the root password.
“We don’t yet know exactly what the hackers behind the malware may intend to do with access to the infected machines,” Malwarebytes’s Thomas Reed wrote. “But given the fact that cryptocurrency mining communities were targeted, it’s a fair bet that they were interested in the theft of cryptocurrency.”
While Apple should be able to flag and block this malicious binary, so far it appears Apple’s protections haven’t been working for files executed directly via Terminal.
However, users should understand that it is never a good idea to run code they do not understand, especially code given to them in an online forum. Mac malware expert Thomas Reed was quoted as saying, “If users are so careless and unaware of the dangers of running code they copied from an online forum, they most likely have no clue about security best practices, to begin with.”
Following the surge of cryptocurrency prices in 2017, cybercriminals have adopted several means to attack cryptocurrency holders, and Mac users have been especially affected.
Last year, cybersecurity research website Symantec released statistics showing that a cryptocurrency miner called DevilRobber was the second most widespread Mac malware. The malware spread via tainted Mac apps uploaded on torrent sites, and it was so widespread at the time that Apple had to issue emergency updates to limit its impact.