New macOS Malware Targets Crypto-Currency Users

Ionut Arghire | July 03, 2018

A new piece of macOS malware has been observed being distributed via crypto-currency related Slack or Discord chat groups, security researchers warn. First detailed late last month, the malware is being distributed by malicious actors who impersonate admins or key people. The actors share small snippets of code with the members of said chat groups and attempt to convince them to run the code in a terminal. Upon execution of the code, a malicious binary is downloaded and executed on the victim's machine. Although the social engineering trick isn't particularly sophisticated, some users apparently fall for it.

The downloaded payload is rather large, at 34MB. As of Friday, the malware wasn't being detected by any of the 60 anti-virus engines in VirusTotal, Remco Verhoef, ISC Handler and Founder of DutchSec, explains. The malicious binary is not signed and Gatekeeper would normally flag and block it, but it appears that Apple's protection measure does not work for files that are executed directly via terminal commands. The reason the binary is so large is that the author apparently packed libraries such as OpenSSL and V8 into it, Objective-See's Patrick Wardle, who named the malware OSX.Dummy, points out.

When executed on the target machine, the malware first changes the script's owner to root. When the threat executes sudo to change the file's permissions, the user is prompted to enter their password in the terminal, and the malware steals it and saves it to /tmp/dumpdummy. Next, OSX.Dummy makes the script executable via chmod +x, moves the script to a new directory, dumps a plist file to /tmp/com.startup.plist and then moves it to the LaunchDaemons directory, sets the owner of the file to root, and then launches the plist launch daemon, for persistence.
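The persistence sequence described above (a plist staged in /tmp, moved into LaunchDaemons, chowned to root, then loaded) can be matched in process-execution telemetry. The following is an added detection example, not code from the researchers or the original article; the log format, the script name `script.sh`, its destination `/var/root/` and the final plist file name are assumptions made for illustration.

```python
import shlex
from pathlib import PurePosixPath

TMP_DIRS = ("/tmp/", "/private/tmp/")
DAEMON_DIR = "/Library/LaunchDaemons/"
REQUIRED = {"staged_from_tmp", "chown_root", "loaded"}

# Constructed telemetry ("HH:MM:SS command line"), not captured from a real host.
# script.sh and /var/root/ are placeholders: the page does not name them.
SAMPLE_EVENTS = [
    "10:02:11 sudo chown root /tmp/script.sh",
    "10:02:15 chmod +x /tmp/script.sh",
    "10:02:15 mv /tmp/script.sh /var/root/script.sh",
    "10:02:16 mv /tmp/com.startup.plist /Library/LaunchDaemons/com.startup.plist",
    "10:02:16 chown root /Library/LaunchDaemons/com.startup.plist",
    "10:02:17 launchctl load -w /Library/LaunchDaemons/com.startup.plist",
    # Benign control: a daemon that was never staged in a temp directory.
    "10:05:40 sudo launchctl load /Library/LaunchDaemons/com.example.agent.plist",
]

def _daemon_target(src, dst):
    """Final path when src is moved/copied to dst, if it lands in LaunchDaemons."""
    if dst.rstrip("/") + "/" == DAEMON_DIR:
        return DAEMON_DIR + PurePosixPath(src).name
    return dst if dst.startswith(DAEMON_DIR) else None

def find_tmp_staged_daemons(lines):
    """Return daemon plists that were staged from /tmp, chowned to root, then loaded."""
    stages = {}  # daemon plist path -> stages seen so far, in order
    for line in lines:
        _, _, cmd = line.partition(" ")
        argv = shlex.split(cmd)
        if argv and argv[0] == "sudo":
            argv = argv[1:]
        if not argv:
            continue
        prog = PurePosixPath(argv[0]).name
        args = [a for a in argv[1:] if not a.startswith("-")]
        if prog in ("mv", "cp") and len(args) >= 2:
            for src in args[:-1]:
                target = _daemon_target(src, args[-1])
                if target and src.startswith(TMP_DIRS) and src.endswith(".plist"):
                    stages[target] = {"staged_from_tmp"}
        elif prog == "chown" and len(args) >= 2 and args[0].split(":")[0] == "root":
            for path in args[1:]:
                if path in stages:  # only count chown after staging
                    stages[path].add("chown_root")
        elif prog == "launchctl" and args[:1] == ["load"]:
            for path in args[1:]:
                if path in stages:  # only count load after staging
                    stages[path].add("loaded")
    return sorted(p for p, seen in stages.items() if seen == REQUIRED)
```

The presence of /tmp/dumpdummy or /tmp/com.startup.plist on disk is a separate, simpler indicator taken directly from the article.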
