Newly discovered Mac malware uses “fileless” technique to remain stealthy

[correlate] (Thread author)
May 4, 2019
In-memory infection makes it harder for end-point protection to detect it.
Hackers believed to be working for the North Korean government have upped their game with a recently discovered Mac trojan that uses in-memory execution to remain stealthy.
In-memory execution, also known as fileless infection, never writes anything to a computer hard drive. Instead, it loads malicious code directly into memory and executes it from there. The technique is an effective way to evade antivirus protection because there’s no file to be analyzed or flagged as suspicious.
In-memory infections were once the sole province of state-sponsored attackers. By 2017, more advanced financially motivated hackers had adopted the technique. It has become increasingly common since then.
The malware isn’t entirely fileless. The first stage poses as a cryptocurrency app with the file name UnionCryptoTrader.dmg. When it first came to light earlier this week, only two out of 57 antivirus products detected it as suspicious. On Friday, according to VirusTotal, detection had only modestly improved, with 17 of 57 products flagging it.
Once executed, the file uses a post-installation binary that, according to a detailed analysis by Patrick Wardle, a Mac security expert at enterprise Mac software provider Jamf, can do the following:
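
The "no file to scan" point above is easier to see in code. The block below is an added example written for this thread; it is not from the Ars Technica article, from Wardle's analysis, or from the malware itself, and what the macOS sample does with its own payload is not reproduced here. It runs on Linux (x86-64 or aarch64) and does two things: stages a constructed few-byte payload in an anonymous mapping and executes it, so the code never touches disk; and, on the defender's side, parses a /proc/<pid>/maps listing (the embedded one is constructed) and counts executable regions with no backing file, which is the signature a memory scanner looks for when file scanning has nothing to inspect.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/* Constructed sample "payload": machine code for a function returning 42.
   A real in-memory infection carries a whole program; this is enough to show
   code running from a mapping that has no file behind it. */
#if defined(__x86_64__)
static const unsigned char payload[] = { 0xb8, 0x2a, 0x00, 0x00, 0x00, /* mov eax, 42 */
                                         0xc3 };                       /* ret         */
#elif defined(__aarch64__)
static const unsigned char payload[] = { 0x40, 0x05, 0x80, 0x52,       /* mov w0, #42 */
                                         0xc0, 0x03, 0x5f, 0xd6 };     /* ret         */
#else
#error "this example covers x86-64 and aarch64 only"
#endif

/* Stage the bytes in an anonymous (file-less) mapping: write while RW, then
   flip to RX so the region is never writable and executable at once. */
void *load_into_memory(const unsigned char *code, size_t len) {
    void *mem = mmap(NULL, len, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED)
        return NULL;
    memcpy(mem, code, len);
    if (mprotect(mem, len, PROT_READ | PROT_EXEC) != 0) {
        munmap(mem, len);
        return NULL;
    }
    __builtin___clear_cache((char *)mem, (char *)mem + len); /* needed on ARM */
    return mem;
}

/* Call the staged code as a function (object-to-function pointer via memcpy). */
int call_loaded(void *mem) {
    int (*fn)(void);
    memcpy(&fn, &mem, sizeof fn);
    return fn();
}

/* Load, run, unload. Returns -1 if the mapping could not be made executable. */
int run_sample_payload(void) {
    void *mem = load_into_memory(payload, sizeof payload);
    if (mem == NULL)
        return -1;
    int result = call_loaded(mem);
    munmap(mem, sizeof payload);
    return result;
}

/* Defender's check: given the text of a Linux /proc/<pid>/maps file, count
   executable regions that are anonymous (inode 0, no path), ignoring kernel
   pseudo-regions such as [vdso]. Code with no file on disk lives exactly here. */
int count_anon_exec_maps(const char *maps_text) {
    int count = 0;
    const char *line = maps_text;
    while (*line != '\0') {
        const char *end = strchr(line, '\n');
        size_t len = end ? (size_t)(end - line) : strlen(line);
        char buf[512];
        if (len >= sizeof buf)
            len = sizeof buf - 1;
        memcpy(buf, line, len);
        buf[len] = '\0';
        /* Fields: address perms offset dev inode [pathname] */
        char perms[8] = {0}, path[256] = {0};
        unsigned long inode = 0;
        int n = sscanf(buf, "%*s %7s %*s %*s %lu %255s", perms, &inode, path);
        if (n >= 2 && strchr(perms, 'x') != NULL && inode == 0 && path[0] != '[')
            count++;
        if (end == NULL)
            break;
        line = end + 1;
    }
    return count;
}

/* Constructed maps excerpt: a file-backed text segment, one anonymous RWX
   region (the finding), the vDSO and the stack. Expected count: 1. */
static const char sample_maps[] =
    "55d2c1a00000-55d2c1a01000 r-xp 00000000 fd:01 1310724 /usr/bin/sleep\n"
    "7f3a10000000-7f3a10001000 rwxp 00000000 00:00 0\n"
    "7ffd5e3c0000-7ffd5e3c2000 r-xp 00000000 00:00 0 [vdso]\n"
    "7ffd5e3e0000-7ffd5e401000 rw-p 00000000 00:00 0 [stack]\n";

int main(void) {
    void *mem = load_into_memory(payload, sizeof payload);
    if (mem == NULL) {
        perror("load_into_memory");
        return 1;
    }
    /* With the payload resident, the live process shows the same signature. */
    FILE *f = fopen("/proc/self/maps", "r");
    if (f != NULL) {
        static char text[1 << 16];
        size_t n = fread(text, 1, sizeof text - 1, f);
        text[n] = '\0';
        fclose(f);
        printf("live process: %d anonymous executable region(s)\n", count_anon_exec_maps(text));
    }
    printf("sample maps: %d anonymous executable region(s)\n", count_anon_exec_maps(sample_maps));
    printf("payload returned %d\n", call_loaded(mem));
    munmap(mem, sizeof payload);
    return 0;
}
```

Build with `cc -O2 fileless.c -o fileless` and run it: the payload returns 42 while the process holds an anonymous executable mapping, which is the only artifact the defender gets. Nothing in this block changes the detection picture for the real Mac sample, which still has an on-disk first stage (the .dmg and its post-install binary) that file-based scanners can, and eventually did, flag.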
 

Antus67
Nov 3, 2019
It would be common sense that the first line of defense against any type of malware begins with keeping your software up to date. After reading this thread, this type of infection requires proactive defense: knowing what to and what not to open and download.
 

[correlate] (Thread author)
May 4, 2019
It would be common sense that the first line of defense against any type of malware begins with keeping your software up to date. After reading this thread, this type of infection requires proactive defense: knowing what to and what not to open and download.
Yes, all programs, especially the system, must be updated. Also, files and programs should be downloaded from the official website.
 
