macOS malware; OSAMiner active since 2015; undetected

Ink

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
For more than five years, macOS users have been the targets of a sneaky malware operation that used a clever trick to avoid detection and hijacked the hardware resources of infected users to mine cryptocurrency behind their backs.

Named OSAMiner, the malware has been distributed in the wild since at least 2015 disguised in pirated (cracked) games and software such as League of Legends and Microsoft Office for Mac, security firm SentinelOne said in a report published this week.

"OSAMiner has been active for a long time and has evolved in recent months," a SentinelOne spokesperson told ZDNet in an email interview on Monday.

"From what data we have it appears to be mostly targeted at Chineses/Asia-Pacific communities," the spokesperson added.
Read full article
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
From the article and your quote:
Named OSAMiner, the malware has been distributed in the wild since at least 2015 disguised in pirated (cracked) games and software such as League of Legends and Microsoft Office for Mac, security firm SentinelOne said in a report published this week.
"Run-only AppleScripts are surprisingly rare in the macOS malware world, but both the longevity of and the lack of attention to the macOS.OSAMiner campaign, which has likely been running for at least 5 years, shows exactly how powerful run-only AppleScripts can be for evasion and anti-analysis," Stokes concluded in his report yesterday.

"In this case, we have not seen the actor use any of the more powerful features of AppleScript that we've discussed elsewhere [1, 2], but that is an attack vector that remains wide open and which many defensive tools are not equipped to handle."
From link 1:
AppleScript is very much like “the PowerShell of macOS”, only with much more power and much less scrutiny from the security community. Let’s make sure we, as defenders, know more about it than those with malicious intent.
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top