'Dumb' MacOS Malware Attacks Slack, Discord Users Discussing Crypto

pubblicato su by Cointele | pubblicato su

Security researchers have discovered MacOS malware attacks targeting Slack and Discord users talking about cryptocurrencies, SC Media UK reports July 2.Remco Verhoef, founder of network security firm DutchSec, posted about the malware on June 30th in a blog post for the information security and cybersecurity training Sans Institute.

According to Verhoef, the attacks impersonate administrators or "Key people" in crypto-related chats, and then share "Small snippets" that are downloaded and execute a malicious binary.

SC Media UK notes that the malware can steal user passwords and store them on the local machine as well, which Verhoef identifies as German provider CrownCloud's apparently Netherland-based server.

Patrick Wardle of Digital Security posted on Objective-See on June 29 about the Mac-targeted malware attacks, writing that "Apparently attackers are asking users to infect themselves" with a "Rather massive machO binary."

"The infection method is dumb.the massive size of the binary is dumb.the persistence mechanism is lame.the capabilities are rather limited.it's trivial to detect at every step....and finally, the malware saves the user's password to dumpdummy".

According to threat intelligence analyst at Unit 42, Palo Alto Networks, Alex Hinchliffe, attacks like this will "Improve over time," and multi-factor authentication should be used for joining an organization's chat room.

Earlier today, reports broke of a new attack on Bitcoin users - monitoring 2.3 million targets - which consists of gaining control of Windows clipboards to swap out a user's BTC address for that of the attacker.

Last week, a cybersecurity report from McAfee Labs stated that cryptojacking instances have risen 629 percent in the first quarter of 2018.

x