#YEARS USED RUNONLY APPLESCRIPTS TO AVOID SOFTWARE#
Stokes and the SentinelOne team hope that by finally cracking the mystery surrounding this campaign and by publishing IOCs, other MacOS security software providers would now be able to detect OSAMiner attacks and help protect MacOS users. MALWARE YEARS USED RUNONLY APPLESCRIPTS TO SOFTWARE "Run-only AppleScripts are surprisingly rare in the MacOS malware world, but both the longevity of and the lack of attention to the MacOS.OSAMiner campaign, which has likely been running for at least 5 years, shows exactly how powerful run-only AppleScripts can be for evasion and anti-analysis," Stokes concluded in his report yesterday.An AppleScript feature designed to compress scripts into pre-compiled form has allowed bad actors to evade security researchers for years. This cryptominer Trojan spread unchecked for some five years. So-called run-only scripts-what we might today call “bytecode”-are poorly documented and difficult to analyze. So it’s hard to extract indicators of compromise out of malware obfuscated by them. What can DevOps learn from this? In this week’s Security Blogwatch, we learn lessons (not “learnings”).
Your humble blogwatcher curated these bloggy bits for your entertainment. #Years runonly applescripts avoid detection for mac# Not to mention: What everyone really wants.
What’s the craic? Ionut Ilascu reports- Mac malware uses 'run-only' AppleScripts to evade analysis: A cryptocurrency mining campaign … is using malware that has evolved into a complex variant giving researchers a lot of trouble analyzing it. MALWARE YEARS USED RUNONLY APPLESCRIPTS TO MAC has been in the wild since at least 2015.
0 kommentar(er)
