Malware running on macOS avoids detection for 5+ years

Since 2015, OSAMiner, malware that affects macOS, has been quietly infecting users and hijacking their hardware resources. Its purpose is to mine cryptocurrency in the background of the system, out of view of the device's actual owner.

The malware became widely distributed after being disguised in pirated games and software, such as Microsoft Office for Mac.

When users installed the pirated software, the installer would run a run-only AppleScript that downloaded and ran a second run-only AppleScript. The second script then ran a third run-only AppleScript.

By using run-only AppleScripts, the creative hacker was able to keep the source code off the radar of security tools, because this type of AppleScript comes in a compiled state that isn't human-readable.
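Because compiled AppleScripts are not readable as text, a defender has to recognise them by their bytes. The sketch below is an added example, not code from this post or from SentinelOne: it walks a folder and reports every file that carries the compiled-AppleScript header `FasdUAS` and trailer `FA DE DE AD`, whatever the file is named. The sample files are constructed, the `EXPECTED_EXT` list is an assumption, and the check does not distinguish run-only scripts from ordinary editable compiled scripts.

```python
import os
import tempfile

HEADER = b"FasdUAS"                  # magic at the start of a compiled AppleScript
TRAILER = bytes.fromhex("fadedead")  # magic at the end of the file
EXPECTED_EXT = {".scpt"}             # assumption: usual extension for compiled scripts


def classify(path):
    """Return None for non-AppleScript files, else a finding dict."""
    if os.path.getsize(path) < len(HEADER) + len(TRAILER):
        return None
    with open(path, "rb") as fh:
        if fh.read(len(HEADER)) != HEADER:
            return None
        fh.seek(-len(TRAILER), os.SEEK_END)
        complete = fh.read(len(TRAILER)) == TRAILER
    ext = os.path.splitext(path)[1].lower()
    return {"path": path, "complete": complete, "disguised": ext not in EXPECTED_EXT}


def scan(root):
    """Walk root and collect every compiled AppleScript, whatever it is named."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                hit = classify(full)
                if hit:
                    findings.append(hit)
    return findings


def demo():
    """Build constructed sample files (not real malware) and scan them."""
    with tempfile.TemporaryDirectory() as root:
        body = HEADER + b"\x00" * 16 + TRAILER  # constructed stand-in blob
        samples = {"helper.scpt": body, "com.example.plist": body,
                   "notes.txt": b"plain text", "cut.scpt": body[:-4]}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return {os.path.basename(f["path"]): (f["complete"], f["disguised"])
                for f in scan(root)}


if __name__ == "__main__":
    print(demo())
```

A hit with `disguised` set is a lead for triage, not a verdict: legitimate applications also ship compiled AppleScripts.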

Unfortunately, many anti-malware programs aren't yet capable of protecting against run-only AppleScript attacks, and this type of attack vector is widely unguarded.

Thankfully, run-only AppleScript malware is rare.

SentinelOne recently published extensive information regarding the OSAMiner attack. Hopefully, with the information provided by SentinelOne, macOS security software providers will be able to detect and protect against attacks of this nature soon.

As always, if we can be of help with your network or computer, give us a call here at RHYNO Networks. (855) 749-6648