Jul 05

Controversial Malware Targets MacOS Users Through Slack and Discord

Security researchers have revealed that a controversial malware is targeting MacOS users talking about cryptocurrencies on Slack and Discord.


“Dumb” MacOS Attack

The malware was first reported by Remco Verhoef of SANS. He explained that the attackers would impersonate “key people” in cryptocurrency-related chats and then share malicious scripts.

The wrongdoers would try to encourage users to paste the script into the Terminal window of their Macs, where it would run a command to download a 34MB file and execute it. In turn, this would establish a remote connection which would act as a backdoor for the hackers.

The obvious flaws in the attackers' plan caught the attention of Patrick Wardle, a Mac malware expert. In a more detailed blog post, he noted that:

  • the infection method is dumb
  • the massive size of the binary is dumb
  • the persistence mechanism is lame (and thus also dumb)
  • the capabilities are rather limited (and thus rather dumb)
  • it’s trivial to detect at every step (that dumb)
  • … and finally, the malware saves the user’s password to dumpdummy

Common Sense is the Only Protection You Need

The binary executes a set of libraries, including those of OpenSSL, which encrypt its communications back to the server. Remco Verhoef managed to establish that the bash script attempts to connect to a system which belongs to CrownCloud – a German hosting provider.

Once the binary is executed, it gives the attacker the ability to execute commands as if they were the root user of the infected Mac.

In order for this to happen, however, the owner of the Mac needs to enter a password, allowing the script to continue. Ironically, the script stores that password in a temporary file named “dumpdummy,” as noted by Wardle.

In other words, all you have to do to prevent this malware from causing any damage is refrain from pasting a script provided to you by someone on Slack or Discord into your Terminal window.

What do you think of this malware targeting MacOS users? Don’t hesitate to let us know in the comments below.


Images courtesy of Shutterstock

Jul 08

Industry Report: The Bitcoin Bill That Became Law

Source: bitcoin

Bitcoin Industry Report

A Bitcoin bill becomes law, a new form of Mac malware emerges, and Steemit uses digital currency to steer traffic. Want to catch up on the latest cryptocurrency news? Take a look at the stories below:

Also read: Industry Report: Is Litecoin Making a Comeback?

THE NEWEST BITCOIN BILL

North Carolina Governor Pat McCrory has signed a new Bitcoin bill into law, expanding the state’s Money Transmitters Act to include cryptocurrencies.

The bill defines virtual money as:

“A digital representation of value that can be digitally traded and functions as a medium of exchange, a unit of account, or a store of value.”

The words almost seem to suggest the status of both a currency and a commodity, which would potentially bring the taxation and regulation fights to a conclusive end. Perianne Boring of the Chamber of Digital Commerce spoke enthusiastically about the bill, saying:

“The fact that this went through the legislative process is a big step forward. The bill also adds more clarity than any other state by a long shot.”

STEEMIT

Social media platform Steemit has given over $1 million in “Steem dollars,” the site’s virtual currency, to users and early adopters in an attempt to raise awareness and garner further traffic. The money was part of a special giveaway where Steemit, now in its third month of operation, could acknowledge those who have made it “a thriving, collaborative community.”

CEO Ned Scott explained:

“This was an opportunity for us to thank our growing community, to reward them for building a sustainable ecosystem that’s much more than the sum of its parts. Yesterday, more than $1.3 million worth of the Steem supply was distributed into the wallets of thousands of users across the world. From every corner, users have been drawn to Steemit because the system rewards thoughtful comments, unlike Reddit or Twitter. The community and the blockchain together power a system that gets better and better every day.”

MAC MALWARE

Pirrit, malware designed to infect Mac computers, has been tracked to a marketing agency in Israel. Pirrit can garner “root access of the infected computer” and hijack Internet traffic. While a script to remove the adware has been designed, that script is no longer functioning.

Explaining the discovery, security researcher Amit Serper says:

“The variant’s creators made a crucial mistake that caused their entire operation to topple like a house of cards. The tar.gz archive format is a POSIX format, which means that it also saves all of the file attributes… inside of the archive as they were on the computer that the archive was created on. So when I listed the files inside the archive, I could see the username of the person who created the archive.”
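The metadata leak Serper describes can be reproduced with Python's standard `tarfile` module. This is an added example, not code from the article or from Serper's research: it reads only the member headers of an archive (nothing is extracted, which matters when triaging a suspect sample) and reports the owner names recorded at packaging time. The sample archive, the account name `builder01` and the timestamp are constructed for illustration.

```python
import io
import tarfile
from collections import Counter

def build_sample_archive() -> bytes:
    """Constructed tar.gz: two files packaged by a made-up build account."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, body in (("payload/install.sh", b"#!/bin/sh\n"),
                           ("payload/config.plist", b"<plist/>\n")):
            info = tarfile.TarInfo(name)
            info.size = len(body)
            info.uid, info.gid = 501, 20
            info.uname, info.gname = "builder01", "staff"  # constructed identity
            info.mtime = 1467331200                        # constructed timestamp
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()

def archive_owners(data: bytes) -> Counter:
    """Count members per (uname, uid, gname, gid), reading headers only."""
    owners = Counter()
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for member in tar:  # iterates headers; no file is written to disk
            owners[(member.uname, member.uid, member.gname, member.gid)] += 1
    return owners

def mtime_range(data: bytes) -> tuple:
    """Earliest and latest modification times stored in the archive."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        times = [member.mtime for member in tar]
    return (min(times), max(times))

if __name__ == "__main__":
    sample = build_sample_archive()
    for (uname, uid, gname, gid), count in archive_owners(sample).items():
        print(f"{count} member(s) owned by {uname}({uid}):{gname}({gid})")
    print("mtime range:", mtime_range(sample))
```
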

Know of any stories that should be included in our regular industry reports? Post your comments below!


Images courtesy of anh-usa.org, steemit.com.

The post Industry Report: The Bitcoin Bill That Became Law appeared first on Bitcoinist.net.
