
How does new MacOS malware target users through chat?

New malware that targets cryptocurrency investors through MacOS and chat platforms was recently discovered. Learn how the OSX.Dummy malware works and what users can do to spot the attack.

A researcher discovered new MacOS malware that hackers are using to target cryptocurrency investors on the Slack and Discord chat platforms. How does this malware, dubbed OSX.Dummy, work, and how can users spot these attacks?

While individuals have started to scrutinize the email they receive for potential spam or phishing, this does not happen for all communication methods. And while savvy users are often able to work around these threats, this is not always the case, especially when it involves trusting executable files that are received from untrusted sources.

These behaviors were shown to be dangerous by the newly reported MacOS malware, dubbed OSX.Dummy. The malware was first reported by Remco Verhoef, a Dutch security researcher and ISC SANS handler; another researcher, Patrick Wardle, co-founder of Digita Security and publisher of the Objective-See website, gave the new malware its name after he discovered that the malware was … not smart.

In his blog post about OSX.Dummy, Wardle noted a list of reasons for the name, starting with, "the infection method is dumb," and further noting other ways the malware is "dumb": a huge (34 Mb) malware binary with limited capabilities that is trivial to detect.

Wardle found that users on the Slack and Discord chat platforms were being targeted via a message from what appeared to be an admin instructing the user to run a command in the terminal on the user's Mac. Targeted users who ran the command were very likely compromised, as the command downloaded a malicious binary and executed it on the computer. The OSX.Dummy MacOS malware then sets itself to run upon startup and connects to its command-and-control (C&C) server.

Researchers found that the binary asked users to enter their password for the malware to run and, because the user executes the command via the terminal, the malicious binary bypassed Apple's Gatekeeper. When OSX.Dummy was first analyzed, none of the antimalware engines in VirusTotal detected it.

While it is difficult to prevent users from intentionally running MacOS malware on their endpoint, security awareness training should cover all forms of social engineering and not be limited to email-based spam or phishing attacks. Enterprises can detect OSX.Dummy on their network by monitoring network connections to the C&C server and by checking endpoints for the specific files mentioned in the ISC report or for a Python script running in the background.
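The three endpoint checks just described (a Python script running in the background, connections to the C&C server, and a newly added startup item) can be scripted for a quick host triage. The following shell script is an added example written for this page; it is not code from the article, the ISC report or Objective-See. The C&C address 203.0.113.10 and the sample ps/netstat output are constructed placeholders, not the real OSX.Dummy indicators, which should be taken from the ISC and Objective-See write-ups.

```shell
#!/bin/sh
# Added example: macOS triage helpers for the detection advice above.
# All indicators here are CONSTRUCTED placeholders, not OSX.Dummy's real values.

# Placeholder C&C host (RFC 5737 TEST-NET-3); replace with the published indicator.
C2_HOST="${C2_HOST:-203.0.113.10}"

# Constructed sample of `ps -axo pid,ppid,user,comm` output.
SAMPLE_PS='  PID  PPID USER     COMM
    1     0 root     /sbin/launchd
  412     1 alice    /usr/bin/python
  503   412 alice    /bin/bash
  615   450 alice    /Applications/Slack.app/Contents/MacOS/Slack
  700     1 root     /usr/sbin/syslogd'

# Constructed sample of `netstat -an` style output (proto recv-q send-q local remote state).
SAMPLE_NET='tcp4  0  0  192.168.1.20.49213  203.0.113.10.1337  ESTABLISHED
tcp4  0  0  192.168.1.20.49214  17.253.144.10.443  ESTABLISHED
tcp4  0  0  192.168.1.20.49215  203.0.113.10.1337  SYN_SENT'

# Print python interpreters whose parent is launchd (PID 1): a script started by a
# launch daemon/agent at boot rather than interactively from a user's shell.
background_python() {
    awk 'NR > 1 && $2 == 1 && $4 ~ /python/ { print $1, $4 }'
}

# Print sockets whose remote endpoint (port stripped) is the C&C host.
c2_connections() {
    awk -v c2="$C2_HOST" '{
        remote = $5; sub(/\.[0-9]+$/, "", remote)
        if (remote == c2) print $5, $6
    }'
}

# List launchd property lists modified within the last N days under a directory;
# run against /Library/LaunchDaemons and ~/Library/LaunchAgents on a real host.
recent_launch_items() {
    dir="$1"; days="${2:-7}"
    find "$dir" -name '*.plist' -mtime "-$days" 2>/dev/null
}

# Count wrappers over the constructed samples so the checks can be asserted on.
count_background_python() { printf '%s\n' "$SAMPLE_PS" | background_python | wc -l | tr -d ' '; }
count_c2_connections()    { printf '%s\n' "$SAMPLE_NET" | c2_connections | wc -l | tr -d ' '; }

# Live run on the local Mac: ./triage.sh --live
if [ "${1:-}" = "--live" ]; then
    echo "[*] python processes parented by launchd:"
    ps -axo pid,ppid,user,comm | background_python
    echo "[*] connections to $C2_HOST:"
    netstat -an | c2_connections
    echo "[*] launch items changed in the last 7 days:"
    recent_launch_items /Library/LaunchDaemons 7
    recent_launch_items "$HOME/Library/LaunchAgents" 7
fi
```

Against the constructed samples the script reports one background Python process (PID 412) and two sockets to the placeholder C&C host. The parent-is-launchd test is deliberately narrow: it catches a script started by a persistence item, which is the behavior described above, while ignoring Python run from a developer's terminal.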


This was last published in November 2018
