New macOS malware targets crypto-currency users

“A new piece of macOS malware has been observed being distributed via crypto-currency related Slack or Discord chat groups, security researchers warn,” Ionut Arghire reports for SecurityWeek. “First detailed late last month, the malware is being distributed by malicious actors who impersonate admins or key people. The actors share small snippets of code with the members of said chat groups, and attempt to convince them into running the code in a terminal.”

“Upon execution of the code, a malicious binary is downloaded and executed onto the victim’s machine. Although the social engineering trick isn’t as sophisticated, some users apparently fall for it,” Arghire reports. “The downloaded payload is rather large, at 34MB. As of Friday, the malware wasn’t being detected by any of the 60 anti-virus engines in VirusTotal, Remco Verhoef, ISC Handler and Founder of DutchSec, explains.”

“The malicious binary is not signed and Gatekeeper would normally flag and block it, but it appears that Apple’s protection measure does not work for files that are executed directly via terminal commands,” Arghire reports. “The reason the binary is so large is that the author apparently packed in it libraries such as OpenSSL and V8, Objective-See’s Patrick Wardle, who named the malware OSX.Dummy, points out.”
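The Gatekeeper detail above turns on a known macOS mechanism: Gatekeeper only evaluates files that carry the com.apple.quarantine extended attribute, which browsers set on downloads but a terminal fetch via curl or wget does not, so a binary pulled and launched by a pasted command never gets that check. The following script is an added example (not code from the article, SecurityWeek or the researchers quoted) that a user can run over a downloaded file before executing it: it reports whether the quarantine attribute is present, whether codesign accepts the binary, and the file size, and returns a "do-not-run" verdict unless the file is both quarantined and validly signed. It assumes the macOS tools xattr and codesign are on PATH and prints "unknown" for each check where they are not; the function and file names are chosen here for illustration.

```shell
#!/bin/sh
# Added example: inspect a file fetched from a chat group before running it.
# Assumes macOS `xattr` and `codesign`; prints "unknown" when a tool is missing.

# Gatekeeper only inspects files carrying com.apple.quarantine. Browsers set it
# on downloads; curl/wget in a terminal do not, so such files bypass the check.
quarantine_flag() {
    # $1: path. Prints present / absent / unknown.
    if ! command -v xattr >/dev/null 2>&1; then
        echo unknown
        return 0
    fi
    if xattr -p com.apple.quarantine "$1" >/dev/null 2>&1; then
        echo present
    else
        echo absent
    fi
}

signature_status() {
    # $1: path. Prints valid / unsigned-or-invalid / unknown.
    if ! command -v codesign >/dev/null 2>&1; then
        echo unknown
        return 0
    fi
    if codesign --verify --strict "$1" >/dev/null 2>&1; then
        echo valid
    else
        echo unsigned-or-invalid
    fi
}

size_mb() {
    # $1: path. Prints the file size in whole megabytes (POSIX wc -c).
    bytes=$(wc -c < "$1" | tr -d ' ')
    echo $((bytes / 1048576))
}

verdict() {
    # $1: path. Only a quarantined AND validly signed file gets past this gate;
    # anything else (unsigned, unquarantined, or unverifiable) is "do-not-run".
    q=$(quarantine_flag "$1")
    s=$(signature_status "$1")
    if [ "$q" = present ] && [ "$s" = valid ]; then
        echo quarantined-and-signed
    else
        echo do-not-run
    fi
}

report() {
    # $1: path. Human-readable summary of all checks.
    f="$1"
    if [ ! -f "$f" ]; then
        echo "no such file: $f" >&2
        return 1
    fi
    echo "file:       $f"
    echo "size:       $(size_mb "$f") MB"
    echo "quarantine: $(quarantine_flag "$f")"
    echo "signature:  $(signature_status "$f")"
    echo "verdict:    $(verdict "$f")"
}

# Usage: sh check_before_run.sh /path/to/downloaded-binary
if [ $# -gt 0 ]; then
    report "$1"
fi
```

An unsigned 34 MB binary with no quarantine attribute, as described for this sample, would report "absent", "unsigned-or-invalid" and "do-not-run"; the size check is there because a multi-megabyte payload delivered by a one-line chat snippet is itself worth noticing.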

Read more in the full article here.

MacDailyNews Take: Let’s be careful out there.

3 Comments

  1. Can’t quite wrap my head around that — They’re smart enough to participate in a crypto-currency chat and to use Terminal, but stupid enough to download code and execute it. What!?

  2. just because they are hanging out in a discord/slack dedicated to cryptocurrency doesn’t mean they know anything. a lot of really dumb people just look for the newest quickest way to make a buck without working for it… I imagine there are more rubes in the cryptocurrency scene than you think. grifted… serves them right.
