Controversial Malware Targets MacOS Users Through Slack and Discord

Warning: Ethereum Wallet Injects Malicious Javascript To Steal Data

Security researchers have revealed that a controversial malware is targeting MacOS users talking about cryptocurrencies on Slack and Discord.


“Dumb” MacOS Attack

The malware was first reported by Remco Verhoef of SANS. He explained that the attacks would impersonate “key people” in chats which are related to cryptocurrencies and then share malicious scripts.

The wrongdoers would try to encourage users to paste the script into the Terminal window of their Macs which would send a command to download 34MB file and execute it. In turn, this would establish a remote connection which would act as a backdoor for the hackers.

The obvious flaws in the plan of the attackers caught the attention of Patrick Wardle, a Mac malware expert. In a more detailed blog post, he noted that:

Common Sense is the Only Protection You Need

The binary executes a set of libraries, including those of Open SSL, which encrypt its communications back to the server. Remco Verhoef managed to establish that the bash script attempts to connect to a system which belongs to CrownCloud – a German hosting provider.

Once the binary is executed, it would provide the attacker with the ability to successfully execute command-line codes as if he is the root user of the MacOS which is infected.

In order for this to happen, however, the owner of the Mac needs to enter a password, allowing the script to go on. Ironically, the script would store said password in a temporary file which is named “dumpdummy,” as noted by Wardle.

In other words, all you have to do to prevent this malware from causing any damage is refrain from pasting a script provided to you by someone on Slack or Discord on your Terminal window.

What do you think of this malware targeting MacOS users? Don’t hesitate to let us know in the comments below.


Images courtesy of Shutterstock

Exit mobile version