- YEARS USED RUNONLY APPLESCRIPTS DETECTION FOR SERIAL NUMBER
- YEARS USED RUNONLY APPLESCRIPTS DETECTION FOR FULL
YEARS USED RUNONLY APPLESCRIPTS DETECTION FOR SERIAL NUMBER
To decompile the malicious malware scripts, Sentinel Labs researchers had to use a relatively lesser-known AppleScript-disassembler project and another custom tool developed by the security firm. OSAMiner uses run-only AppleScripts to make reverse-engineering of its code difficult, the researchers say. "Recent versions of macOS.OSAMiner add greater complexity by embedding one run-only AppleScript inside another, further complicating the already difficult process of analysis." Security Evasion
YEARS USED RUNONLY APPLESCRIPTS DETECTION FOR FULL
"In late 2020, we discovered that the malware authors, presumably building on their earlier success in evading full analysis, had continued to develop and evolve their techniques," says Phil Stokes, a threat researcher at Sentinel Labs. OSAMiner's operators released the latest version of the cryptominer in 2020, but researchers only recently discovered the enhancements, according to the researchers' report. The malware now uses multiple versions of AppleScript - a scripting language used in macOS devices - to support obfuscation. OSAMiner, which has been active since 2015, has been distributed through hacked video games, such as League of Legends, as well as compromised versions of software packages, including Microsoft Office for macOS, Sentinel Labs says. The latest iteration uses new techniques to help prevent detection by security tools, the researchers report. See Also: Data Sharing Espionage: A Fraud Discussion Sentinel Labs researchers have identified an updated version of the cryptominer OSAMiner that targets the macOS operating system to mine for monero.
0 kommentar(er)
