It also checks if the machine has enough free space and exits if there isn't sufficient storage. The main role of the parent script is to write the embedded AppleScript to ~/Library/k.plist using a "do shell script" command and execute it. a parent script that executes from the trojanized application. ![]() The recent OSAMiner campaigns use three run-only AppleScript files to deploy the mining process on the infected macOS machine, investigators from SentinelOne have reported: AppleScript files include both the source and the compiled code but enabling "run-only" saves only the compiled version so the human-readable code is no longer available, thus removing the possibility of reverse engineering. The malware has been researched in the past, but the run-only AppleScript file hindered full analysis, limiting it to observing the behavior of the sample. OSAMiner typically spreads via pirated copies of games and software, League of Legends and Microsoft Office for macOS being among the more popular examples. By this time, the virus may be rampant on everywhere on the PC and finally crash the entire system.Ī recently observed variant makes analyzing even more difficult as it embeds a run-only AppleScript into another scripts and uses URLs in public web pages to download the actual Monero miner. Next, no alert(s) may appear when suspicious sites opened or virus infecting. It may terminate protecting functions too. ![]() Besides, it is the reason for the system loopholes. This installation may cause regularly blue screen of the system data and make the PC continually unable to work. In this way, OSAMiner secretly lurks on the PC and does harm to everything. exe file, it runs itself as well when the application is installed. When a user is preparing to install the application and run the. The trojan normally enters a PC with the package of the third party application from unknown hostile sites. And in most of time, even when it begins to exert bad impact on their system, users notice nothing since OSAMiner specializes in disguise. Users may not be aware when OSAMiner enters their PCs. OSAMiner is a typical Trojan which mainly cause system vulnerability on PCs to help hackers’ remote attack. Analyzing it has been difficult because payloads are exported as run-only AppleScript files, which makes decompiling them into source code difficult. The malware is tracked as OSAMiner and has been in the wild since at least 2015. ![]() A cryptocurrency mining campaign targeting macOS is using malware that has evolved into a complex variant giving researchers a lot of trouble analyzing it.
0 Comments
Leave a Reply. |