Used runonly applescripts to avoid detection software# “OSAMiner has been active for a long time and has evolved in recent months,” a SentinelOne spokesperson told ZDNet in an email interview on Monday. “From what data we have it appears to be mostly targeted at Chineses/Asia-Pacific communities,” the spokesperson added. Nested run-only AppleScripts, for the win!īut the cryptominer did not go entirely unnoticed. SentinelOne said that two Chinese security firms spotted and analyzed older versions of the OSAMiner in August and September 2018, respectively.īut their reports only scratched the surface of what OSAMiner was capable of, SentinelOne macOS malware researcher Phil Stokes said yesterday. The primary reason was that security researchers weren’t able to retrieve the malware’s entire code at the time, which used nested run-only AppleScript files to retrieve its malicious code across different stages.Īs users installed the pirated software, the boobytrapped installers would download and run a run-only AppleScript, which would download and run a second run-only AppleScript, and then another final third run-only AppleScript. Since “run-only” AppleScript come in a compiled state where the source code isn’t human-readable, this made analysis harder for security researchers. Used runonly applescripts to avoid detection software#.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |