Once installed, the malware secretly mines cryptocurrency using the infected Macs. It is also designed to evade detection: when a user opens Activity Monitor to see if something is amiss on their Mac, it immediately ceases activity to avoid being spotted.

“Adware has traditionally been the most widespread type of macOS malware, but cryptojacking, a stealthy and large-scale crypto-mining scheme, is becoming increasingly prevalent,” Jamf warned in an extensive report today explaining the attack.

In this case, researchers were able to identify the Pirate Bay account that distributed the files. They found that almost every pirated app shared by that user hosted crypto-mining malware.

Following the money, chasing the processors

The researchers speculate that such attacks may become more prevalent, in part because of Apple’s success in creating computationally powerful Apple Silicon chips. That may make Macs an even more attractive target for crypto-mining malware. (Certainly, the platform has become more attractive to attackers.)

Jamf Threat Labs managed to trace three generations of this particular malware, which first appeared around August 2019. Each generation saw the attack become harder to spot. By the end of that journey, the attacker had become sophisticated enough that uploads showed up on Pirate Bay within just 24 hours of macOS application updates, and had managed to disguise malicious processes as system processes.

Other details from the report:
- Rather than Tor, it uses the Invisible Internet Project (I2P) network to communicate, download further malware, and send mined currency to the attacker’s wallet.
- The samples evaded detection on VirusTotal, even though the malware family itself is known.
- The attack also attempts to trick users who have downloaded a malware-infested app into completely disabling Apple’s Gatekeeper protection to make the application run.

It is worth noting that all known versions of this malware family are already detected and blocked by Jamf Protect, which also informs admins if Gatekeeper is disabled on any managed devices.

Blame culture, Ventura, and application design

There is a psychological element to this. Employees whose hardware becomes infected because they downloaded pirated applications to a work machine are aware that they have acted illegally and are less inclined to warn IT that malware may have entered the system. (That is another good reason to foster a blame-free culture around security, so that incidents like this are reported sooner.)

Apple recently made significant improvements in macOS Ventura that make life harder for this malware. Ventura’s more stringent security checks confirm that all notarized apps are correctly signed and have not been modified by unauthorized processes, even after first launch.

Apple says it continues to update its XProtect system to block this particular malware family, and stressed that this attack does not bypass Gatekeeper protections.
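As an added example (not Jamf's, Apple's, or the article's own code), the Python below sketches the two telemetry checks a Mac admin would build from the behaviours described above: a process that borrows a system-daemon name but runs from a user-writable path, and a process that repeatedly goes quiet the moment Activity Monitor starts. It also parses the output of `spctl --status` so the Gatekeeper-disabled condition that Jamf Protect reports can be checked by hand. The daemon-name list, the event records, the paths and the PIDs are constructed for the example; in practice the events would come from an EDR or Endpoint Security process feed.

```python
"""Added example: behavioural checks derived from the article, not Jamf code.

The event feed below is constructed for the example; in practice it would
come from an EDR / Endpoint Security process-exec and process-exit stream.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
import platform
import subprocess

# Directories where genuine Apple binaries live. (Assumption: illustrative list.)
SYSTEM_PREFIXES = ("/System/", "/usr/", "/bin/", "/sbin/", "/Library/Apple/")

# Real macOS daemon names a miner might borrow. (Assumption: illustrative list.)
KNOWN_SYSTEM_NAMES = {"mdworker", "mdworker_shared", "launchd", "WindowServer", "cfprefsd"}

ACTIVITY_MONITOR = "Activity Monitor"


@dataclass
class ProcEvent:
    ts: datetime
    kind: str   # "exec" or "exit"
    pid: int
    name: str   # process name as shown by ps / Activity Monitor
    path: str   # on-disk path of the executable


def masquerading(events):
    """PIDs of exec'd processes that use a system-daemon name from a non-system path."""
    return [e.pid for e in events
            if e.kind == "exec"
            and e.name in KNOWN_SYSTEM_NAMES
            and not e.path.startswith(SYSTEM_PREFIXES)]


def monitor_aware(events, window=timedelta(seconds=5), min_hits=2):
    """Names of processes that exited within `window` after Activity Monitor
    launched, on at least `min_hits` separate occasions. One coincidence proves
    nothing; repetition is what makes the pattern worth an alert."""
    launches = [e.ts for e in events if e.kind == "exec" and e.name == ACTIVITY_MONITOR]
    counts = {}
    for e in events:
        if e.kind != "exit" or e.name == ACTIVITY_MONITOR:
            continue
        if any(timedelta(0) <= e.ts - t <= window for t in launches):
            counts[e.name] = counts.get(e.name, 0) + 1
    return sorted(n for n, c in counts.items() if c >= min_hits)


def gatekeeper_enabled(spctl_status_output):
    """Parse the text printed by `spctl --status`:
    'assessments enabled' or 'assessments disabled'."""
    text = spctl_status_output.strip().lower()
    if "assessments enabled" in text:
        return True
    if "assessments disabled" in text:
        return False
    raise ValueError(f"unrecognised spctl output: {spctl_status_output!r}")


def local_gatekeeper_enabled():
    """Query this host's Gatekeeper state (macOS only; returns None elsewhere)."""
    if platform.system() != "Darwin":
        return None
    out = subprocess.run(["spctl", "--status"], capture_output=True, text=True)
    return gatekeeper_enabled(out.stdout)


# Constructed sample feed: a genuine mdworker_shared (pid 501), a miner using the
# same name from a user-writable path (pids 777/778) that exits each time
# Activity Monitor (pids 800/801) starts. Paths and PIDs are made up.
T0 = datetime(2023, 2, 23, 9, 0, 0)
GENUINE = "/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Support/mdworker_shared"
FAKE = "/Users/alice/Library/Application Support/.cache/mdworker_shared"
AM_PATH = "/System/Applications/Utilities/Activity Monitor.app/Contents/MacOS/Activity Monitor"

SAMPLE_EVENTS = [
    ProcEvent(T0, "exec", 501, "mdworker_shared", GENUINE),
    ProcEvent(T0 + timedelta(seconds=1), "exec", 777, "mdworker_shared", FAKE),
    ProcEvent(T0 + timedelta(seconds=30), "exec", 800, ACTIVITY_MONITOR, AM_PATH),
    ProcEvent(T0 + timedelta(seconds=31), "exit", 777, "mdworker_shared", FAKE),
    ProcEvent(T0 + timedelta(seconds=60), "exit", 800, ACTIVITY_MONITOR, AM_PATH),
    ProcEvent(T0 + timedelta(seconds=120), "exec", 778, "mdworker_shared", FAKE),
    ProcEvent(T0 + timedelta(seconds=300), "exec", 801, ACTIVITY_MONITOR, AM_PATH),
    ProcEvent(T0 + timedelta(seconds=302), "exit", 778, "mdworker_shared", FAKE),
    ProcEvent(T0 + timedelta(seconds=400), "exit", 501, "mdworker_shared", GENUINE),
]

if __name__ == "__main__":
    print("masquerading pids:", masquerading(SAMPLE_EVENTS))      # [777, 778]
    print("monitor-aware names:", monitor_aware(SAMPLE_EVENTS))  # ['mdworker_shared']
    print("gatekeeper on this host:", local_gatekeeper_enabled())
```

The path check is deliberately crude: it catches a miner dropped into a user-writable directory, which is what a pirated-app installer can do, but a component that gained root and wrote under `/usr/local` would need a signature check (`codesign --verify`) on top. The Activity Monitor correlation works from exec/exit events only, so it needs no hooks inside the suspect process, and the `min_hits` threshold keeps a single coincidental exit from paging anyone.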