
Malware Combo Targets Mac Systems

Posted: December 11, 2018 to Technology.

Tags: Malware, Data Breach, Cloud Security

DarthMiner is a recently discovered threat that targets Mac systems through a fake Adobe application. Malwarebytes security researchers warn that the threat is actually a combination of two open-source programs. It is distributed through an application called Adobe Zii, which uses a generic Automator applet icon instead of a stolen Adobe Creative Cloud logo. The fake application runs a shell script that downloads and executes a Python script, then downloads and runs an app named sample.app. The sample.app appears to be a version of Adobe Zii, in an effort to conceal the malicious activity.

Malwarebytes states that “the obfuscated Python script looks for the presence of Little Snitch, a commonly-used outgoing firewall, and stops the infection process if the tool is found.” They also note that the firewall should have already blocked the script’s download attempts.

Next, the script generates an EmPyre backdoor that can execute arbitrary commands on the infected Mac. Scripts are fetched via that backdoor, and other malicious components are installed. It is this backdoor that is the true concern. Further, a launch agent ensures persistence.

As if that weren’t enough, the attack also results in the XMRig cryptominer being installed on the compromised Mac, with its own launch agent to keep the process running. “It’s impossible to know exactly what damage this malware might have done to infected systems. Just because we have only observed the mining behavior does not mean it hasn’t ever done other things,” Malwarebytes notes.

Further analysis of the script also revealed code to download and install a root certificate for the mitmproxy tool. The tool can intercept web traffic, including encrypted traffic; however, it isn’t active in the observed malware. A key issue surrounding this threat is software piracy, which will compound Mac infections if the threat is copied and distributed along with the software.
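A defender-side check for the persistence mechanism described above (a launch agent that keeps a dropped script or miner running). This Python example is added here and is not code from the article or from Malwarebytes; the interpreter list, miner strings, trusted directories and the two sample plists are assumptions constructed for illustration.

```python
import plistlib
from pathlib import Path

# Heuristics are assumptions for this example, not indicators taken from the article.
INTERPRETERS = {"python", "python3", "sh", "bash", "zsh", "osascript", "curl"}
MINER_HINTS = ("xmrig", "minerd", "stratum+tcp")
TRUSTED_PREFIXES = ("/Applications/", "/System/", "/usr/", "/bin/", "/sbin/", "/Library/Apple/")

def assess_launch_agent(plist_bytes: bytes) -> list:
    """Return the reasons a launchd plist looks suspicious (empty list = nothing found)."""
    try:
        data = plistlib.loads(plist_bytes)
    except Exception as exc:  # a plist launchd cannot parse is itself worth a look
        return [f"unparsable plist: {exc}"]
    args = [str(a) for a in (data.get("ProgramArguments") or [data.get("Program")]) if a]
    if not args:
        return []
    reasons = []
    if args[0].rsplit("/", 1)[-1] in INTERPRETERS:  # e.g. /bin/sh -c "...": script, not an app
        reasons.append(f"runs an interpreter directly: {args[0]}")
    if any(h in " ".join(args).lower() for h in MINER_HINTS):
        reasons.append("arguments reference a known cryptominer")
    if not args[0].startswith(TRUSTED_PREFIXES):
        reasons.append(f"executable outside trusted locations: {args[0]}")
    if data.get("RunAtLoad") and data.get("KeepAlive"):
        reasons.append("RunAtLoad with KeepAlive: relaunched whenever the process is killed")
    return reasons

def scan_launch_agents(dirs=None) -> dict:
    """Map each suspicious plist under the usual launchd folders to its reasons."""
    dirs = dirs or [Path.home() / "Library/LaunchAgents", Path("/Library/LaunchAgents"),
                    Path("/Library/LaunchDaemons")]
    findings = {}
    for p in (f for d in dirs if Path(d).is_dir() for f in Path(d).glob("*.plist")):
        reasons = assess_launch_agent(p.read_bytes())
        if reasons:
            findings[str(p)] = reasons
    return findings

# Constructed sample plists (not from the article), modelled on the chain described above.
MALICIOUS_PLIST = b"""<plist version="1.0"><dict>
<key>Label</key><string>com.example.constructed.miner</string>
<key>ProgramArguments</key><array><string>/bin/sh</string><string>-c</string>
<string>/Users/Shared/.cache/xmrig -o pool.example.invalid:3333</string></array>
<key>RunAtLoad</key><true/><key>KeepAlive</key><true/></dict></plist>"""
BENIGN_PLIST = b"""<plist version="1.0"><dict>
<key>Label</key><string>com.example.constructed.updater</string>
<key>ProgramArguments</key><array><string>/Applications/Example.app/Contents/MacOS/updater</string></array>
<key>RunAtLoad</key><true/></dict></plist>"""
if __name__ == "__main__":
    print(scan_launch_agents())
```

Treat the output as a triage list rather than a verdict; legitimate agents occasionally run shell wrappers, so each hit should be confirmed by inspecting the referenced file.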
Malwarebytes implored people to forgo downloading and using pirated software, pointing out that it could cost users more than buying legitimate software. Security awareness training can also prevent many computer and system infections. Learn more about it here.
Craig Petronella
CEO & Founder, Petronella Technology Group | CMMC Registered Practitioner

Craig Petronella is a cybersecurity expert with over 24 years of experience protecting businesses from cyber threats. As founder of Petronella Technology Group, he has helped over 2,500 organizations strengthen their security posture, achieve compliance, and respond to incidents.
