- #Macos years used runonly applescripts detection code#
- #Macos years used runonly applescripts detection download#
With the new detection method in analysts’ toolkit, this cryptominer will likely become more detectable across the AV spectrum. It turns out that OSAMiner operators have recently switched to a tactic where one run-only AppleScript file is embedded in another – as if the one-step obfuscation hadn’t been effective enough for years. They used a mix of a publicly available AppleScript disassembler and their proprietary decompiler solution to unearth the architecture of the sneaky malware. The silver lining is that experts at SentineLabs have found a way to overcome this obstacle.
#Macos years used runonly applescripts detection code#
It’s all about the use of run-only AppleScripts, a mechanism that makes it extremely problematic to reverse-engineer code because it’s deeply compiled and isn’t human-readable. Whereas these are vanilla hallmarks seen across the mainstream cryptominer environment, one characteristic makes OSAMiner stand out from the crowd. Having infiltrated a macOS computer, it gobbles up CPU resources, causes the system to freeze, and keeps victims from opening the Activity Monitor.
It has been primarily doing the rounds via booby-trapped copies of pirated applications that run the gamut from popular video games to the Mac edition of the Microsoft Office suite. OSAMiner – a mysterious strain with obfuscation at its coreĪccording to a number of earlier reports by Chinese researchers, the cryptominer under scrutiny debuted in 2015. nd Catalin Cimpanu adds- macOS malware used run-only AppleScripts to avoid detection for five years: A sneaky malware operation used a clever trick to. These latest insights into the pest’s modus operandi showed that it had taken a significant evolutionary leap in the past few months. This quirk had prevented security experts from reversing the code until January 2021, when SentinelOne made a breakthrough in disassembling and decompiling the malware.
#Macos years used runonly applescripts detection download#
Its uniqueness stems from the use of what’s called run-only AppleScript files to download and execute the dodgy components. These would have been garden-variety findings if it weren’t for the fact that the infection has been playing a hide-and-seek game with researchers since around 2015. White hats have demystified a five-year-old Mac cryptomining campaign that hinges on a hugely unorthodox technique to fly under the radar.Īnalysts at cybersecurity firm SentinelOne have recently shed light on a long-running macOS cryptomining malware strain codenamed OSAMiner.
0 kommentar(er)
