![]() MALWARE YEARS USED RUNONLY APPLESCRIPTS TO MAC has been in the wild since at least 2015. What’s the craic? Ionut Ilascu reports- Mac malware uses 'run-only' AppleScripts to evade analysis: A cryptocurrency mining campaign … is using malware that has evolved into a complex variant giving researchers a lot of trouble analyzing it. #Years runonly applescripts avoid detection for mac# Not to mention: What everyone really wants. Your humble blogwatcher curated these bloggy bits for your entertainment. What can DevOps learn from this? In this week’s Security Blogwatch, we learn lessons (not “learnings”). ![]() So it’s hard to extract indicators of compromise out of malware obfuscated by them. So-called run-only scripts-what we might today call “bytecode”-are poorly documented and difficult to analyze. ![]() This cryptominer Trojan spread unchecked for some five years. MALWARE YEARS USED RUNONLY APPLESCRIPTS TO SOFTWARE "Run-only AppleScripts are surprisingly rare in the MacOS malware world, but both the longevity of and the lack of attention to the MacOS.OSAMiner campaign, which has likely been running for at least 5 years, shows exactly how powerful run-only AppleScripts can be for evasion and anti-analysis," Stokes concluded in his report yesterday.An AppleScript feature designed to compress scripts into pre-compiled form has allowed bad actors to evade security researchers for years. Stokes and the SentinelOne team hope that by finally cracking the mystery surrounding this campaign and by publishing IOCs, other MacOS security software providers would now be able to detect OSAMiner attacks and help protect MacOS users. #Years runonly applescripts avoid detection for software# Yesterday, Stokes published the full-chain of this attack, along with indicators of compromise (IOCs) of past and newer OSAMiner campaigns.
0 Comments
Leave a Reply. |