CoinMiner exploits Apple APSDaemon vulnerability to evade detection

[silversurfer]

Content source

https://www.bleepingcomputer.com/news/security/coinminer-exploits-apple-apsdaemon-vulnerability-to-evade-detection/

Malware distributors are abusing a DLL hijacking vulnerability in Apple’s Push Notification service Windows executable to install coin miners on users attempting to download copyrighted software.

A common method of generating revenue on warez and crack sites, adult sites, video sharing sites, and file sharing sites is to open low quality web page when a visitor attempts to view or download content. These web pages redirect users through a series of sites that eventually push fake software updates, unwanted browser extension, fake giveaways, and malware.

A new malware campaign is using these redirects to distribute malware that uses DLL hijacking vulnerabilities to install a cryptocurrency miner on a victim's computer. [....]

CrystalBit / Apple Double DLL Hijack

Morphisec Labs has been tracking the evolution of the attack landscape, including a new double DLL hijack that includes AppleVersions.dll.

blog.morphisec.com