Researchers discovered today a new piece of malware that is targeting Mac systems by implementing a combination of two open-source programs.
The new malware, named DarthMiner, is distributed via an application known as Adobe Zii, which offers fake support for detecting pirated versions of Adobe programs. Of course the app doesn’t offer that kind of detection, in fact, the fake Adobe Zii software doesn’t even use the stolen Adobe Creative Cloud logo.
The fake app main purpose is to run a shell script that downloads and executes a Python script, and then downloads and runs an app named sample.app, which appears to be a version of Adobe Zii, in order to obfuscate its malicious behavior.
The hidden Python script first looks for the existence of Little Snitch, a commonly-used outgoing firewall, and stops the infection process if the cybersecurity measure is on.
Next is to open a connection to the EmPyre backend backdoor. Which is used to execute arbitrary commands on the infected Mac. The backdoor then downloads a script that fetches and installs the other components of the malware and finally creates an agent to ensure persistence.
The cyber attack ends with the install of the XMRig crypto miner on the compromised Mac, along with another launch agent to keep the XMRig process running.
Remember everything can be hacked. In order to stay away from any threats related to the cyber world, we recommend the install of antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire every year a specialized cybersecurity company that will run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests;
A malware analysis done on the script revealed that the code is also used to download and install a root certificate for the mitmproxy tool, which can intercept web traffic, including encrypted traffic.
For the moment cybersecurity experts are saying that it’s impossible to know exactly what damage this malware can really do to the infected systems.
Experts are astonished by the number of users that use programs that facilitate such illegal operations which represent a great infection vector. Keep in mind that software piracy poses high risks to you.
Our modern society is dependent on computers, mobile devices, and the use of the internet always stay safe and secured.
We would continue to monitor the cybersecurity world. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac in every device that you own, depending on which OS your machine is running, If you are a company we recommend to hire every year a specialized cybersecurity company that will run annual tests on your company’s network, tests like this include: penetration testing and ethical hacking.