![]() Until recently, an adequate decompiler was not available to review the functions in the embedded AppleScript. A recently discovered variant of OSAMiner has remained hidden, in part due to its use of embedded run-only AppleScripts. Improving the CrowdStrike Falcon platform’s ability to detect macOS threats is a continuous. OSAMiner is a well-known OS X and macOS cryptomining Trojan that has been circulating since 2015. Rocke Group has been using the Pro-Ocean malware to exploit known vulnerabilities to target applications such as Oracle WebLogic ( CVE-2017-10271 ), Apache ActiveMQ ( CVE-2016-3088 ), and Redis (unsecured instances). OSX.EvilQuest was the most prevalent macOS ransomware family in 2021, accounting for 98 of ransomware in the researchers’ analysis, while OSX.Flashback accounted for 31 of macOS backdoor threats and OSX.Lador accounted for 47 of macOS trojans. ![]() ![]() Furthermore, the malware uninstalls monitoring agents to avoid detection, attempts to remove other malware and miners such as BillGates, Luoxk, Hashfish, and XMRig before installation, and after installation kills any process that uses the CPU heavily.The rootkit capabilities help conceal the malicious activities. Pro-Ocean uses a Python infection script to utilize its newly added worm capabilities.When exporting a Run-Only script over an existing file, Script Debugger ensures that pre-existing. The malware has been researched in the past 1, 2 but the run-only AppleScript file hindered full analysis, limiting it to observing the behavior of the sample. In addition, the malware developer has added several new code snippets to the library for further functionalities. Useful debugging tool to detect AppleScript errors. OSAMiner typically spreads via pirated copies of games and software, League of Legends and Microsoft Office for macOS being among the more popular examples. The updated features have been added in the Libprocesshider library, which is used by the malware for hiding processes.Palo Alto Unit 42 researchers have uncovered the revised version of the Pro-Ocean malware explaining its four-module structure, consisting of a rootkit module, a mining module, a Watchdog module, and an infection module.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |