Macs Do Get Malware And This Nasty Cryptomining Payload Has Been In Hiding For 5 Years


More recently, it was found that the malware authors continued to “develop and evolve their techniques.” Newer versions of macOS.OSAMiner embedded one AppleScript within another AppleScript, making the whole chain harder to analyze. However, the researchers were able to reverse engineer the run-only AppleScripts using a “little-known applescript-disassembler project and a decompiler tool” built by the team. Ultimately, the entire malware system and its related processes were unveiled and described in a recent report.
As SentinelLabs states, “Run-only AppleScripts are surprisingly rare,” yet they are incredibly powerful and highly elusive. A case in point is the macOS.OSAMiner campaign, which took at least five years to crack open. Hopefully, analysts can use the research from this campaign to help detect and prevent future malware built on run-only AppleScripts.
Moreover, macOS users need to be keenly aware that they, too, are vulnerable, as malware can reach out and touch virtually any…