‘Dumb’ MacOS Malware Attacks Slack, Discord Users Discussing Crypto

Published at: July 2, 2018

Security researchers have discovered MacOS malware attacks targeting Slack and Discord users talking about cryptocurrencies, SC Media UK reports July 2.

Remco Verhoef, founder of network security firm DutchSec, wrote about the malware on June 30th in a blog post for the SANS Institute, an information security and cybersecurity training organization.

According to Verhoef, the attackers impersonate administrators or “key people” in crypto-related chats and then share “small snippets” that download and execute a malicious binary. SC Media UK notes that the malware can steal user passwords and store them on the local machine as well, which Verhoef identifies as German provider CrownCloud’s apparently Netherlands-based server.

Patrick Wardle of Digital Security posted on Objective-See on June 29 about the Mac-targeted malware attacks, writing that “apparently attackers are asking users to infect themselves” with a “rather massive machO binary.”

Wardle concludes his blog post by naming the malware “OSX.Dummy” for a variety of reasons that he lists in bullet points:

- “the infection method is dumb
- the massive size of the binary is dumb
- the persistence mechanism is lame (and thus also dumb)
- the capabilities are rather limited (and thus rather dumb)
- it's trivial to detect at every step (that dumb)
- ...and finally, the malware saves the user's password to dumpdummy”

According to Alex Hinchliffe, threat intelligence analyst at Unit 42, Palo Alto Networks, attacks like this will “improve over time,” and multi-factor authentication should be used for joining an organization’s chat room.

Earlier today, reports broke of a new attack on Bitcoin (BTC) users — monitoring 2.3 million targets — which consists of gaining control of Windows clipboards to swap out a user’s BTC address for that of the attacker. And last week, a cybersecurity report from McAfee Labs stated that cryptojacking instances have risen 629 percent in the first quarter of 2018.
