![]() In recent years malware on the Mac actually decreased, however, as you will see if you read on, Macs are not completely safe from attacks. For more information read: how Apple protects you from malware. We also discuss whether Macs need antivirus software separately. This is part of Apple’s Gatekeeper software that blocks apps created by malware developers and verifies that apps haven’t been tampered with. Apple has all the malware definitions in its XProtect file which sits on your Mac, and every time you download a new application it checks that none of those definitions are present. In addition Apple has its own built-in anti-malware tool. If you were to install something from an unknown developer Apple would warn you to check it’s authenticity. You can specify whether only apps from the Mac App Store can be installed, or if you are happy to allow apps from identified developers too. You can check these settings in macOS Ventura’s System Settings > Privacy & Security and scroll to the Security section, or, if you are using Monterey or older, go to System Preferences > Security & Privacy > General. For example, macOS shouldn’t allow the installation of third-party software unless it’s from the App Store or identified developers. For more than five years, macOS users have been the targets of a sneaky malware operation that used a clever trick to avoid detection and hijacked the hardware resources of infected users to mine cryptocurrency behind their backs.Luckily Apple has various measures in place to guard against such threats. Named OSAMiner, the malware has been distributed in the wild since at least 2015 disguised in pirated (cracked) games and software such as League of Legends and Microsoft Office for Mac, security firm SentinelOne said in a report published this week. “OSAMiner has been active for a long time and has evolved in recent months,” a SentinelOne spokesperson told ZDNet in an email interview on Monday. “From what data we have it appears to be mostly targeted at Chineses/Asia-Pacific communities,” the spokesperson added. Nested run-only AppleScripts, for the win!īut the cryptominer did not go entirely unnoticed. SentinelOne said that two Chinese security firms spotted and analyzed older versions of the OSAMiner in August and September 2018, respectively.īut their reports only scratched the surface of what OSAMiner was capable of, SentinelOne macOS malware researcher Phil Stokes said yesterday. The primary reason was that security researchers weren’t able to retrieve the malware’s entire code at the time, which used nested run-only AppleScript files to retrieve its malicious code across different stages.Īs users installed the pirated software, the boobytrapped installers would download and run a run-only AppleScript, which would download and run a second run-only AppleScript, and then another final third run-only AppleScript. Since “run-only” AppleScript come in a compiled state where the source code isn’t human-readable, this made analysis harder for security researchers. ![]() Yesterday, Stokes published the full-chain of this attack, along with indicators of compromise (IOCs) of past and newer OSAMiner campaigns. ![]() Stokes and the SentinelOne team hope that by finally cracking the mystery surrounding this campaign and by publishing IOCs, other macOS security software providers would now be able to detect OSAMiner attacks and help protect macOS users. “In this case, we have not seen the actor use any of the more powerful features of AppleScript that we’ve discussed elsewhere, but that is an attack vector that remains wide open and which many defensive tools are not equipped to handle.” “Run-only AppleScripts are surprisingly rare in the macOS malware world, but both the longevity of and the lack of attention to the macOS.OSAMiner campaign, which has likely been running for at least 5 years, shows exactly how powerful run-only AppleScripts can be for evasion and anti-analysis,” Stokes concluded in his report yesterday. The IOCs are available in the SentinelOne OSAMiner report, here. Apple has spent years reinforcing macOS with new security features to make it tougher for malware to break in. But a newly discovered vulnerability broke through most of macOS’ newer security protections with a double-click of a malicious app, a feat not meant to be allowed under Apple’s watch. Worse, evidence shows a notorious family of Mac malware had been exploiting this vulnerability for months before it was subsequently patched by Apple this week. Over the years, Macs have adapted to catch the most common types of malware by putting technical obstacles in their way. Indeed, macOS flags potentially malicious apps masquerading as documents that have been downloaded from the internet.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |