Cryptocurrency investors who use the Slack and Discord chat platforms are being targeted by a new macOS malware.
The malware was first discovered this Friday after multiple attacks were observed last week. OSX.Dummy is an unsophisticated piece of malware, but if a system is successfully infected it opens the Mac to remote arbitrary code execution.
Once the connection to the attacker's C&C server is established, the cybercriminal can hijack the entire device by running arbitrary commands as root.
Cybersecurity researchers have seen a wave of macOS malware attacks in the last week, all carried out with the OSX.Dummy malware. The attacks were launched from crypto-related Slack or Discord chat groups by hackers impersonating admins or other prominent group members.
In this way, unsuspecting users were tricked into executing a script that downloads the OSX.Dummy malware via cURL.
Companies and individuals must take precautions against this growing wave of cyber attacks; at a minimum they should run a cybersecurity solution, such as an antivirus, to protect their systems, keep their operating systems regularly updated, and use an antivirus for Windows or an antivirus for Mac depending on which OS the device is running. Companies should also hire professional cybersecurity firms to check their internal network a couple of times per year; these checkups must always include a penetration test and various ethical hacking tests.
Initially, the 34 MB 64-bit Mach-O binary containing OSX.Dummy is downloaded to the macOS /tmp/script directory and then executed.
Normally a binary like this would be blocked by Gatekeeper, but the unsigned malware is able to bypass the macOS Gatekeeper protection and the OSX.Dummy payload gets downloaded and run anyway; this is why the built-in macOS malware mitigations should never be viewed as a panacea.
After the malware binary is executed, a macOS sudo command elevates the malware to root. With root permissions granted, the malware then writes files to various macOS directories, including “/Library/LaunchDaemons/com.startup.plist”, for persistence.
If all goes according to plan and the attack succeeds, in its final stage the malware connects to the attacker's C&C server; through this connection the attacker can hijack the entire targeted system.
Amusingly, the malware is named OSX.Dummy because one of the directories used to dump the victim's password is called “/tmp/dumpdummy”; the name also fits because the infection method is dumb, the massive size of the binary is dumb and the persistence mechanism is dumb.
What is worrying is that even with such “dummy” malware, hackers can hijack devices that store valuable private data; so don't take cybersecurity for granted, and use a strong cybersecurity solution.
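A host check for the artifacts this write-up names (/tmp/script, /tmp/dumpdummy and the com.startup.plist launch daemon), added here as an example and not part of the original article or of any published analysis. The optional root argument is an assumption of this example, so the check can be exercised against a staging directory; the launchctl query runs only on a live macOS host.

```sh
#!/bin/sh
# Look for the OSX.Dummy indicators described above. Findings go to stderr,
# the number of indicators found goes to stdout so callers can script on it.
# $1 is an optional root prefix (default: the live system) used for testing.
check_osx_dummy() {
    root="${1:-}"
    hits=0

    # File-system artifacts named in the write-up: the dropped binary,
    # the password dump directory and the launch daemon used for persistence.
    for p in /tmp/script /tmp/dumpdummy /Library/LaunchDaemons/com.startup.plist; do
        if [ -e "$root$p" ]; then
            echo "INDICATOR: $root$p present" >&2
            hits=$((hits + 1))
        fi
    done

    # A launch daemon that executes something out of /tmp is suspicious on its
    # own: legitimate daemons do not run binaries from a world-writable temp dir.
    plist="$root/Library/LaunchDaemons/com.startup.plist"
    if [ -f "$plist" ] && grep -q '/tmp/' "$plist"; then
        echo "INDICATOR: com.startup.plist runs a binary from /tmp" >&2
        hits=$((hits + 1))
    fi

    # launchctl exists only on macOS; when checking the live system, also see
    # whether the persistence job is currently loaded.
    if [ -z "$root" ] && command -v launchctl >/dev/null 2>&1; then
        if launchctl list 2>/dev/null | grep -q 'com.startup'; then
            echo "INDICATOR: com.startup launch daemon is loaded" >&2
            hits=$((hits + 1))
        fi
    fi

    echo "$hits"
}

# Live run: report and exit non-zero if anything was found, so the check can
# feed a scheduled job or an MDM compliance script.
run_check() {
    found=$(check_osx_dummy "$@")
    [ "$found" -eq 0 ] && echo "no OSX.Dummy indicators found" >&2
    return "$found"
}
```

Run `sh check.sh` on a Mac; a non-zero exit status means at least one indicator was present.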
Keep in mind that every device holds data of significant value that must be protected by at least a cybersecurity solution such as an antivirus. Depending on which OS your device is running, install an antivirus for Windows or an antivirus for Mac for total protection. Companies must take the extra step of hiring a professional cybersecurity firm to run various cybersecurity tests on the company's network and implement the best possible cybersecurity solution. Always opt for a package that includes at least a penetration test and an ethical hacking test. For companies that exist 100% online, we recommend using secure web hosting services.