BSV
$45.89
Vol 14.83m
3.72%
BTC
$62287
Vol 27961.64m
2.48%
BCH
$324.16
Vol 192.65m
1.59%
LTC
$64.89
Vol 254.87m
2.42%
DOGE
$0.1
Vol 766.34m
4.54%
Getting your Trinity Audio player ready...

Security researchers have uncovered a new type of malware aimed at those using MacOS devices to discuss cryptocurrencies.

The malware attacks users participating in cryptocurrency discussions on chat apps Discord and Slack, with hackers gaining access to conversations and posing as administrators to share malicious code. The code, identified by Sans Institute security researcher Remco Verhoef, connects to a C&C (Command and Control) server run by the hackers, which allows them to run code on the user’s MacOS device remotely. The malware also harvests passwords, in addition to seizing control of the victim’s device.

Verhoef suggested the hack server appeared to be situated in the Netherlands, saying, “CrownCloud, a German-based provider is the owner of the block of 185.243.115.230 and the server appears to be located in the Netherlands.”

Patrick Wardle, founder at Digita Security, described the malware as “dumb.”

“The capabilities are rather limited (and thus rather dumb), it’s trivial to detect at every step (that dumb)…and finally, the malware saves the user’s password to dumpdummy…I guess the take away here is (yet again) the built-in macOS malware mitigations should never be viewed as a panacea,” Wardle said in a blog post.

The dean of Research at the Sans Institute, Dr. Johannes Ullrich, said the best protection for users was to be wary of the software they install. In an interview with SC Media UK, Ullrich said, “This is probably the number one defence in this particular case, since anti-malware does not protect users until a signature is added to it. OS X tools like ‘LittleSnitch’ can also warn the user when new software like this establishes outbound network connections.”

Meanwhile, Alex Hinchliffe, an analyst at Unit 42, Palo Alto Networks, warned the “crude” malware could be expected to improve over time.

“We should expect such attacks to improve over time. As for organisations, they have some benefits in that they can typically control their network and environment more tightly than home users,” Hinchliffe told the UK news outlet. “In-house instances of such chat groups therefore can be rigorously checked for membership and the content being shared. Multi-factor authentication should be used to ensure that leaked or stolen credentials do not allow simply anyone to join an organisations chat room.”

Recommended for you

BTC miner Hut 8 pivots to AI as BTC profits dry up
Hut 8 now allows AI clients to use a cluster of 1,000 Nvidia GPUs powering HP supercomputers after a $72...
October 4, 2024
BTC mining profitability in free fall, noise complaints rise
BTC miners continue to face challenges, with their mining profitability on a downward trend, exacerbated by natural disasters, a possible...
October 2, 2024
Advertisement
Advertisement
Advertisement