HackRead
Cryptocurrency users on Discord & Slack hit by MacOS malware

July 2nd, 2018 | By Waqas | Security, Apple News, Malware

Hackers are using a new MacOS malware aimed at cryptocurrency investors on Discord and Slack group chat communities.

The malware was initially discovered by IT security expert Remco Verhoef and later analyzed by Patrick Wardle, a former NSA white hat hacker and malware researcher.

Dubbed OSX.Dummy, the malware is spread by impersonating admins or key people in chat groups. According to Verhoef, small snippets are being shared which, when run, download and execute a malicious binary. The binary lets the OSX.Dummy authors remotely access the device by connecting it to a command and control (C&C) server.

“If the connection to the attacker’s C&C server succeeds, the attacker will be able to arbitrarily execute commands (as root!) on the infected system,” noted Wardle.

Wardle further noted that the malicious binary is not signed, meaning that Gatekeeper would normally block it. The attackers got around this by tricking users into downloading the binary directly onto their system through terminal commands.

“Normally such a binary would be blocked by Gatekeeper. However, if users are downloading and running a binary directly via terminal commands, Gatekeeper does not come into play and thus unsigned binary will be allowed to execute,” Wardle said. “I guess the take away here is (yet again) the built-in macOS malware mitigations should never be viewed as a panacea.”

“I’m calling it OSX.Dummy as: the infection method is dumb, the massive size of the binary is dumb, the persistence mechanism is lame (and thus also dumb), the capabilities are rather limited (and thus rather dumb), it’s trivial to detect at every step (that dumb) …and finally, OSX.Dummy saves the user’s password to dumpdummy,” Wardle wrote.

Although the malware is called Dummy, cryptocurrency investors on Mac should be careful and refrain from downloading and executing files from third-party platforms, especially Discord and Slack group chat communities.

This is not the first time cryptocurrency users on Mac have come under malware attack. In May this year, a cryptojacking malware called mshelper was found targeting Mac devices.
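As an added illustration (not code from the article or from Wardle's analysis), the following Python heuristic flags pasted terminal snippets that download a file and then run it, the delivery path the article says never passes through Gatekeeper. The function names, sample commands and `example.invalid` hosts are constructed for this example.

```python
import os
import re

DOWNLOADERS, SHELLS = {"curl", "wget"}, {"sh", "bash", "zsh"}

def split_stages(snippet):
    """Split a one-liner into (separator, argv) stages on &&, ||, ; and |.
    Heuristic: separators inside quoted strings are not handled."""
    stages, sep = [], ""
    for part in re.split(r"\s*(&&|\|\||;|\|)\s*", snippet.strip()):
        if part in ("&&", "||", ";", "|"):
            sep = part
        elif part:
            argv = [a.strip("'\"") for a in part.split()]
            argv = argv[1:] if argv[0] == "sudo" else argv
            if argv:
                stages.append((sep, argv))
    return stages

def download_target(name, argv):
    """Return the local file a curl/wget stage writes, or None for stdout."""
    url = next((a for a in argv if re.search(r"https?://", a)), "")
    remote_name = url.rstrip("/").rsplit("/", 1)[-1]
    for i, arg in enumerate(argv):
        nxt = argv[i + 1] if i + 1 < len(argv) else ""
        if arg in (">", "-o", "--output") or (arg == "-O" and name == "wget"):
            return nxt
        if arg.startswith(">") and len(arg) > 1:
            return arg[1:]
        if arg == "-O" and name == "curl":
            return remote_name
    return remote_name if name == "wget" else None

def analyze(snippet):
    """Return findings for download-then-execute chains in a pasted snippet."""
    findings, fetched, to_stdout = [], set(), False
    for sep, argv in split_stages(snippet):
        name = os.path.basename(argv[0])
        if name in DOWNLOADERS:
            target = download_target(name, argv)
            to_stdout = target is None
            if target:
                fetched.add(os.path.basename(target))
            continue
        args = {os.path.basename(a) for a in argv[1:]}
        if name in SHELLS and sep == "|" and to_stdout:
            findings.append("pipe-to-shell: download fed straight into " + name)
        elif name in SHELLS and args & fetched:
            findings.append("runs downloaded script with " + name)
        elif name == "chmod" and args & fetched:
            findings.append("marks downloaded file executable")
        elif name in fetched:
            findings.append("executes downloaded file: " + name)
        to_stdout = False
    return findings
```

A non-empty result from `analyze()` means the snippet fetches content and executes it in the same paste, so the file should be inspected before anything is run.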

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in the cyber security and tech world. I am also into gaming, reading and investigative journalism.
